Pix is an online payment platform created and managed by the Central Bank of Brazil. It allows users to make quick payments and transfers and has over 100 million registered accounts worldwide. Recently, a new type of mobile malware has been discovered that targets Brazil and other Latin American countries. This malware, known as PixPirate, was discovered by Cleafy between late 2022 and early 2023 and is designed to steal sensitive data and commit fraud against Pix platform users.

PixPirate presents itself to victims as a legitimate application. It is usually delivered by a dropper application, which downloads and installs the banking trojan. Once installed, PixPirate tries to get Accessibility Services enabled, which it then uses to interact with other apps and perform malicious tasks such as disabling Google Play Protect, intercepting SMS messages, preventing uninstallation, and displaying fake advertisements. The malware also includes a script that can delete SMS messages containing certain text, and it uses certificate pinning to protect its communications from man-in-the-middle attacks.

Although the threat appears to be in its early stages, researchers believe that more threats may follow, targeting other Latin American countries or even shifting to other regions.
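A defender-side triage for the two behaviours described above (delivery by a dropper, then an enabled accessibility service), as an added example that is not from Cleafy's research or the original article. It assumes output captured with `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the package names and sample output are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: flag enabled accessibility services that belong to apps
# not installed from a trusted store (the dropper-delivery pattern).
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_accessibility(setting):
    """Package names from the enabled_accessibility_services setting."""
    setting = setting.strip()
    if not setting or setting == "null":  # nothing enabled
        return set()
    # Value is a colon-separated list of "package/ServiceClass" components.
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_packages(listing):
    """Map package -> installer from `pm list packages [-i|-s]` output."""
    result = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        installer = "null"  # lines without installer= (e.g. -s output)
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        result[fields[0]] = installer
    return result

def flag_sideloaded_services(setting, installer_listing, system_listing=""):
    """Return sorted (package, installer) pairs that deserve a closer look."""
    installers = parse_packages(installer_listing)
    system = set(parse_packages(system_listing))  # preinstalled packages
    flagged = []
    for pkg in sorted(parse_accessibility(setting)):
        if pkg in system:
            continue  # preinstalled services report installer=null
        installer = installers.get(pkg, "unknown")
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installer))
    return flagged

# Constructed sample device output (hypothetical package names).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.pixhelper/com.example.pixhelper.A11yService")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=null
package:com.example.pixhelper  installer=com.android.packageinstaller
package:com.example.bank  installer=com.android.vending"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback"

if __name__ == "__main__":
    print(flag_sideloaded_services(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM))
```

A flagged package is a lead for review, not a verdict: legitimate sideloaded or enterprise-deployed accessibility tools will also appear.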
This Cyber News was published on heimdalsecurity.com. Publication date: Tue, 07 Feb 2023 14:41:02 +0000