Security News > 2021 > November > Android malware BrazKing returns as a stealthier banking trojan
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.
Starting on Android 11, Google has categorized the list of installed apps as sensitive information, so any malware that attempts to fetch it is flagged by Play Protect as malicious.
BrazKing no longer uses the 'getinstalledpackages' API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device.
Serving the overlays from the attacker's servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
News URL
Related news
- Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (source)
- TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (source)
- New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities (source)
- Hackers steal banking creds from iOS, Android users via PWA apps (source)
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)