Security News > 2021 > November > Android malware BrazKing returns as a stealthier banking trojan
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.
Starting on Android 11, Google has categorized the list of installed apps as sensitive information, so any malware that attempts to fetch it is flagged by Play Protect as malicious.
BrazKing no longer uses the 'getinstalledpackages' API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device.
Serving the overlays from the attacker's servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
News URL
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)