Security News > 2023 > February > PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.
"PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS, enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.
Besides stealing passwords entered by users on banking apps, the threat actors behind the operation have leveraged code obfuscation and encryption using a framework known as Auto.js to resist reverse engineering efforts.
The dropper apps used to deliver PixPirate come under the garb of authenticator apps.
The development also comes as Cyble shed light on a new Android remote access trojan codenamed Gigabud RAT targeting users in Thailand, Peru, and the Philippines since at least July 2022 by masquerading as bank and government apps.
In a more concerning twist, fraudulent apps have found a way to bypass defenses in Apple App Store and Google Play to perpetrate what's called a pig butchering scam called CryptoRom.
News URL
https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)