This new malware wants to drain your bank account for the holidays. Here’s how to stay safe.
Screenshots by Zach Laidlaw
Disable ‘Install unknown apps’
The Google Play Store is the default app store found on most Android devices sold in the U.S. Although Android phones can download apps from other sources, most of them ship with this feature turned off by default. Still with Sturnus going around, it’s a good idea to check to make sure your phone can’t accidentally sideload an app from a dubious corner of the internet.
If you have a Samsung Galaxy phone, open the Settings app, tap on “Security and privacy,” then “More security settings,” and finally “Install unknown apps.” Make sure every app on this page is unchecked.
Screenshots by Zach Laidlaw
If you have a Google Pixel phone, open the Settings app, tap on “Apps,” then “Special app access,” and lastly “Install unknown apps.” As with Samsung, make sure every app on this page is disabled.
Screenshots by Zach Laidlaw
For those with other-branded Androids, you should be able to find this feature by opening your Settings app and typing “install unknown apps” into the search bar. As with the devices above, make sure this feature is disabled.
Extra features
Depending on your device, some Android phones come with additional security features that protect against malware, both on the software side and the hardware side. For instance, Samsung Knox protects data and defends from cybersecurity threats. As for Pixels 6 and up, they come with a Titan M2 chip that makes it harder for hackers to access your phone if it’s stolen, plus regular monthly security updates directly from Google ensure that their phones are always up to date.
The fix?
At this time, there is currently no fix for Sturnus, and there isn’t likely to be one anytime soon. Since the malware exploits several important features baked directly into the Android operating system, Google would have to disable these features entirely to get rid of the problem, something that simply can’t be done.
RELATED: Cloudflare crash exposes the internet’s fragile core — and worse may be coming
Photo by Jakub Porzycki/NurPhoto via Getty Images
With Sturnus on the rise, it’s probably not a coincidence that Google recently announced that it is making it more difficult to distribute and sideload unverified apps from third-party sources. The move would prevent this exact kind of malware from infecting devices worldwide, though backlash from avid Android users has caused Google to loosen these restrictions just a bit. The final version of the sideloading changes are expected to roll out starting in late 2026.
As for now, your best bet to keep Sturnus out of your phone is to stay away from APKs that come from anywhere outside of the Google Play Store. Do that one simple thing, and you have nothing to worry about.
Leave a Reply
You must be logged in to post a comment.