Security News > 2021 > November > Android malware BrazKing returns as a stealthier banking trojan
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.
Starting on Android 11, Google has categorized the list of installed apps as sensitive information, so any malware that attempts to fetch it is flagged by Play Protect as malicious.
BrazKing no longer uses the 'getinstalledpackages' API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device.
Serving the overlays from the attacker's servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
News URL
Related news
- TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Cyber crooks push Android malware via letter (source)