New Banking Trojan Targeting 100M Pix Payment Platform Accounts
New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.
A new Android banking Trojan called PixPirate is targeting more than 100 million Brazilian Pix instant payment accounts.
The Pix payment platform was created and is operated by the Brazil Central Bank, and it's used to make instant mobile payments across Latin America using a variety of banks.
Researchers with the Cleafy TIR Team — who have been tracking the PixPirate Brazilian banking Trojan since late 2022 — released a report this week detailing PixPirate's intention to steal credentials and deploy its noteworthy automatic transfer system (ATS) used to make automatic fraudulent money transfers. Additionally, by abusing accessibility services, PixPirate also has the flexibility to steal credentials and launch ATS attacks across multiple bank user interfaces using the Pix platform.
The malware also can intercept and delete SMS messages, push malvertising efforts, and contains code protection that attempts to evade detection, the report said.
"PixPirate represents one of the emerging malware that will try and leverage the double edge blade mechanism related to instant payments," the Cleafy team added. "The introduction of ATS capabilities paired with frameworks that will help the development of mobile applications, using flexible and more widespread languages (lowering the learning curve and development time), could lead to more sophisticated malware that, in the future, could be compared with their workstation counterparts."
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024