A new banking Trojan for Android targets Brazilian financial institutions to commit fraud through the Pix payment platform. The Italian cybersecurity company Cleafy, which discovered it at the end of last year, tracks it under the name PixPirate.
“PixPirate belongs to the latest generation of banking trojans for Android, since it can perform the functions of the automatic translation system (ATS). This function allows attackers to automate the process of harmful money transfers through the Pix instantaneous payment platform, actively used by several Brazilian banks,” Cleafy researchers said.
PixPirate joins a long list of Android banking malware. All of these programs exploit the operating system's accessibility services API to perform their malicious actions, including disabling Google Play Protect, intercepting SMS messages, preventing their own removal, and showing fraudulent advertising through push notifications.
In addition to stealing the passwords that users enter in banking applications, the attackers behind the operation obfuscate their code using the Auto.js platform to resist reverse-engineering efforts and recovery of the source code.
The malicious authenticator application used to deliver the malware to the device
The dropper applications used to deliver PixPirate are disguised as authenticator applications and are distributed, as a rule, as APK files on phishing sites. At the moment, there is no evidence that these applications were published in the official Google Play store.
Cleafy researchers are concerned that more complex malware that also uses ATS technology will emerge in the near future.