Security News > 2021 > September > Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control.
"The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications [] to carry out their attacks," Check Point Research said in an analysis shared with The Hacker News.
Launched in November 2020 by the Central Bank of Brazil, the country's monetary authority, Pix is a state-owned payments platform that enables consumers and companies to make money transfers from their bank accounts without requiring debit or credit cards.
PixStealer, which was found distributed on Google Play as a fake PagBank Cashback service app, is designed to empty a victim's funds to an actor-controlled account, while MalRhino - masquerading as a mobile token app for Brazil's Inter bank - comes with advanced features necessary to collect the list of installed apps and retrieve PIN for specific banks.
"When a user opens their PIX bank application, Pixstealer shows the victim an overlay window, where the user can't see the attacker's moves," the researchers said.
"With the increasing abuse of the Accessibility Service by mobile banking malware, users should be wary of enabling the relevant permissions even in the applications distributed via known app stores such as Google Play.".