Security News > 2023 > February > PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.
"PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS, enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.
Besides stealing passwords entered by users on banking apps, the threat actors behind the operation have leveraged code obfuscation and encryption using a framework known as Auto.js to resist reverse engineering efforts.
The dropper apps used to deliver PixPirate come under the garb of authenticator apps.
The development also comes as Cyble shed light on a new Android remote access trojan codenamed Gigabud RAT targeting users in Thailand, Peru, and the Philippines since at least July 2022 by masquerading as bank and government apps.
In a more concerning twist, fraudulent apps have found a way to bypass defenses in Apple App Store and Google Play to perpetrate what's called a pig butchering scam called CryptoRom.
News URL
https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html
Related news
- New Medusa Android Trojan Targets Banking Users Across 7 Countries (source)
- New Android Banking Trojan BingoMod Steals Money, Wipes Devices (source)
- Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan (source)
- Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries (source)