Security News > 2021 > November > Android malware BrazKing returns as a stealthier banking trojan
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.
Starting on Android 11, Google has categorized the list of installed apps as sensitive information, so any malware that attempts to fetch it is flagged by Play Protect as malicious.
BrazKing no longer uses the 'getinstalledpackages' API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device.
Serving the overlays from the attacker's servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
News URL
Related news
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Russian army targeted by new Android malware hidden in mapping app (source)
- Android malware Crocodilus adds fake contacts to spoof trusted callers (source)
- Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets (source)
- FBI: BADBOX 2.0 Android malware infects millions of consumer devices (source)