Security News > 2021 > November > Android malware BrazKing returns as a stealthier banking trojan
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.
Starting on Android 11, Google has categorized the list of installed apps as sensitive information, so any malware that attempts to fetch it is flagged by Play Protect as malicious.
BrazKing no longer uses the 'getinstalledpackages' API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device.
Serving the overlays from the attacker's servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
News URL
Related news
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)