Novel Banking Trojan ‘PixPirate’ Targets Brazil

A new Android banking Trojan dubbed “PixPirate” has been discovered targeting Brazilian financial institutions in late 2022 and early this year.

The findings come from security experts at Cleafy, who described the new threat in an advisory published Friday.

“PixPirate is a latest-generation Android banking Trojan. Capable of running an ATS (automated transfer system), it allows attackers to automate the insertion of malicious money transfers via Pix, an instant payment platform employed by several Brazilian banks.”

According to Cleafy security researchers Francesco Lubatti and Alessandro Strino, the main purpose of this malware was to steal sensitive information and attempt to defraud Pix users.

“PixPirate is typically distributed using a dropper application that is used to download (sometimes just unzip) and install banking Trojans,” the advisory states.

“During installation, PixPirate immediately attempts to enable accessibility services, which are persistently requested in fake pop-ups until the victim accepts.”

Once these permissions are granted, attackers were observed using PixPirate to create scripts that interact with the device’s UI and perform actions such as entering text, simulating touch events and scrolling lists.
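Because the abuse described above depends on an enabled accessibility service, a defender can audit which services a device has switched on. The following is an added example, not code from the Cleafy advisory: it parses the value of the Android `enabled_accessibility_services` secure setting and reports services from packages outside an allowlist. The allowlist contents and the sample value are assumptions constructed for illustration.

```python
# Added example: audit the Android setting that lists enabled accessibility services.
# On a device the raw value comes from:
#   adb shell settings get secure enabled_accessibility_services
# It is a colon-separated list of "package/class" component names, or "null" when unset.

# Assumption: packages your organisation approves for accessibility use.
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample value, not taken from a real device or from the advisory.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.pdfviewer/.SyncService"
)


def parse_enabled_services(raw):
    """Return (package, full_class_name) pairs; raise ValueError on malformed entries."""
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return []
    services = []
    for entry in raw.split(":"):
        if not entry:
            continue  # tolerate a stray leading or trailing colon
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            raise ValueError(f"malformed component name: {entry!r}")
        if cls.startswith("."):
            cls = package + cls  # expand the short ".Class" form
        services.append((package, cls))
    return services


def unexpected_services(raw, allowlist=ALLOWLIST):
    """Services whose package is not on the allowlist and so needs review."""
    return [(p, c) for p, c in parse_enabled_services(raw) if p not in allowlist]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review: {package} has accessibility service {cls} enabled")
```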

“By examining PixPirate’s code, we identified several references related to a framework called Auto.js, an open-source tool for automating tasks on Android devices using JavaScript,” write Lubatti and Strino.

“Auto.js also provides a built-in JavaScript interpreter, which allows scripts to run on the device itself without the need for an external runtime.”

The researchers further explained that Auto.js is a new framework for mobile banking Trojans, one that allows malicious actors to speed up the development phase through JavaScript automation scripts, web communication management functions within applications, and built-in code encryption/obfuscation functions.

“The introduction of ATS functionality, combined with a framework that aids in the development of mobile applications using a flexible and broader language […], may lead to more advanced malware that may be compared to its workstation counterpart in the future.”

Cleafy’s recommendations will be made in the coming months. Flashpoint has suggested that Brazil tops the list of countries with the most data breaches in 2022.
