PixPirate: Brand New Brazilian Banking Trojan

PixPirate has advanced features, primarily achieved by abusing Accessibility Services, such as the ability to intercept valid banking info and more.
A brand new Android banking trojan has attacked Brazilian financial infrastructure to carry out financial scams by leveraging the PIX payments platform. Italian cybersecurity company Cleafy identified the malware, PixPirate, at the end of 2022 and the beginning of 2023.

PixPirate has advanced features, primarily achieved by abusing Accessibility Services. These include the ability to intercept valid banking credentials, perform ATS attacks on multiple sources, delete SMS messages, prevent uninstallation, disable Google Play Protect, and carry out malvertising.

"PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Alessandro Strino and Francesco Iubatti reported to the media. 

Besides compromising credentials and passwords entered by users in banking apps, the malicious actors behind the operation have also leveraged code obfuscation and encryption, using a framework known as Auto.js, to resist countermeasures from the attacked system.

The findings came to light more than a month after ThreatFabric disclosed another malware called BrasDex. That malware also comes with ATS features, in addition to abusing PIX to make fraudulent fund transfers.

"The introduction of ATS capabilities paired with frameworks that will help the development of mobile applications, using flexible and more widespread languages (lowering the learning curve and development time), could lead to more sophisticated malware that, in the future, could be compared with their workstation counterparts," the researchers said. 

Furthermore, the development became public as Cyble found a new Android remote access trojan, tracked as Gigabud RAT, victimizing users in Thailand, the Philippines, and Peru.

"The RAT has advanced features such as screen recording and abusing the accessibility services to steal banking credentials," the researchers added. 

According to reports, Latin American countries recorded the world's highest cybercrime rate, with 3x more mobile browser attacks than the global average in the first half of 2020. The reports also state that phishing attacks have a high success rate and are used by financially motivated threat actors to steal important credentials such as bank logins and other financial data.