Security News > 2024 > March > PixPirate Android malware uses new tactic to hide on phones

The latest version of the PixPirate banking trojan for Android employs a new method to hide on phones while remaining active, even if its dropper app has been removed.
PixPirate is a new Android malware first documented by the Cleafy TIR team last month seen targeting Latin American banks.
A new report by IBM explains that contrary to the standard tactic of malware attempting to hide its icon, which is possible on Android versions up to 9, PixPirate does not use a launcher icon.
The first app is known as a 'downloader' and is distributed through APKs that are spread via phishing messages sent on WhatsApp or SMS. This downloader app requests access to risky permissions upon installation, including Accessibility Services, and then proceeds to download and install the second app, which is the encrypted PixPirate banking malware.
Anatsa Android malware downloaded 150,000 times via Google Play.
New 'Gold Pickaxe' Android, iOS malware steals your face for fraud.
News URL
Related news
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users (source)