This malware hides on Android smartphones. It appeared in Brazil, and experts warn that it may spread to more countries
Paying a bill by simply pointing your phone's camera at a QR code is already common, and now there are those taking advantage of it to commit theft. The threat in question is PixPirate, a banking Trojan that hides on even the most advanced (and expensive) Android smartphones.
This malware was first discovered in Brazil at the end of 2022 by the online fraud detection company Cleafy. It uses the Pix bank transfer platform, created by the Brazilian Central Bank, to scam users. Security experts at IBM have now warned that it could reach other countries.
In Brazil, where there have been more cases of fraud, hackers linked to PixPirate used the new version of the Reboleto tool to change the QR code on invoices. When a person uses Pix to pay these bills, they lose the money meant for these expenses but still owe the debt, Folha de S.Paulo explains.
PixPirate uses an infection vector based on two malicious applications: a downloader and a dropper. It all starts with a message containing a malicious link (which can be sent via SMS or WhatsApp) that asks the user, in the bank's name, to install an update; clicking the link installs the downloader. Once this update is performed, the PixPirate malware (the dropper) takes effect. IBM explains that the two “communicate together to carry out the fraud.”
Once installed on a smartphone, this malware can manipulate, control, install and uninstall applications, log keystrokes (allowing it to save passwords), access accounts, lock and unlock the screen, read, edit and delete messages (whether SMS, WhatsApp or even email), and deactivate Google Play Protect, among other things.
IBM explains that PixPirate is essentially able to collect all the information it needs to steal “online banking credentials, credit card details, and login information for all targeted accounts.” Even two-factor authentication is not secure: the malware can also access, edit and delete a victim's SMS messages, including any messages sent by the bank.