March 13, 2024 at 10:09AM
The PixPirate Android banking trojan uses a new method to elude detection and steal sensitive data in Brazil. The malware hides its icon on the victim’s device, making its operations inconspicuous. Employing SMS and WhatsApp, it uses a downloader app to install and execute its main fraudulent activities, posing a significant threat to online banking security.
The notes from the article “Financial Fraud / Mobile Security” highlight new techniques that the threat actors behind the PixPirate Android banking trojan use to evade detection and carry out financial fraud in Brazil, including unauthorized fund transfers, theft of online banking credentials, and interception of SMS messages carrying two-factor authentication codes. The malware is distributed via SMS and WhatsApp, using a downloader app to deploy the main payload. This allows the malware to operate covertly and persist on compromised devices even if the downloader is removed. Additionally, the notes mention a new malware called Fakext that targets Latin American banks. It employs a rogue Microsoft Edge extension called SATiD to conduct man-in-the-browser and web injection attacks, primarily against banks in Mexico. The extension has been taken down from the Edge Add-ons store. This information provides insight into the evolving tactics used by threat actors in the ongoing battle against financial fraud and mobile security.