A brand new Android banking trojan has attacked Brazilian financial infrastructures to execute financial scams by leveraging the PIX payments platform. Italian cyberthreat Security Company Cleafy identified the malware PixPirate at the end of 2022 and the beginning of 2023.
PixPirate has advanced features, primarily achieved by abusing Accessibility Services, such as the ability to intercept valid banking credentials and perform ATS attacks on multiple sources, delete SMS messages, prevent uninstallation, disable Google Play Protect, and Malvertising.
“PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks,” researchers Alessandro Strino and Francesco Iubatti reported to the media.
Besides compromising credentials and passwords entered by users on banking apps, the malicious actors behind the operation have also leveraged code obfuscation and encryption using a framework known as Auto.js to resist fighting back from the attacked system.
The findings came to the light more than a month after ThreatFabric disclosed another malware called BrasDex. This malware also comes with ATS features, in a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: