
A threat for WhatsApp on Android phones: PixPirate


The security team at IBM Trusteer has released a warning about a security threat posed by a piece of malware, PixPirate.

PixPirate is a new and sophisticated Android banking Trojan that has been targeting users in Brazil and other Latin American countries since late 2022. It’s designed to commit fraud against users of the Pix instant payment platform, developed and managed by the Central Bank of Brazil, which enables quick payment and transfer execution across over 100 million registered accounts worldwide.

The malware disguises itself with well-known names and icons to appear as a trusted application to victims. It is usually delivered using a dropper application, which is employed to download and install the banking trojan. Once installed, PixPirate attempts to enable Accessibility Services with persistent fake pop-ups until the victim accepts. These Accessibility Services are then exploited to activate all of PixPirate’s harmful features.

PixPirate uses a combination of tactics to achieve its goals, including:

  • Code obfuscation and encryption to thwart reverse engineering efforts.
  • A JavaScript module, leveraging Android’s accessibility features, to steal banking passwords. This module is designed to recognize different UI elements of banking apps and capture the password input text displayed on the screen.
  • Scripts to delete SMS messages that contain particular text, which helps hide fraudulent activity from the victim and from analysts conducting incident response.

Moreover, the malware can prevent its uninstallation, disable Google Play Protect, intercept SMS messages and banking credentials, and perform Automated Transfer System (ATS) attacks via Pix payments. It also engages in malvertising by sending push notifications to the victim’s device.

This Android malware represents the latest generation of banking trojans, emphasizing the continuous evolution of cyber threats and the importance of maintaining strong cybersecurity practices, especially for users in the targeted regions.

IBM Trusteer stated that: “Usually, victims get infected with PixPirate by downloading the PixPirate downloader from a malicious link sent to them through WhatsApp or an SMS phishing (smishing) message. This message convinces the victim to download the downloader, which impersonates a legitimate authentication app associated with the bank. Once the victim launches the downloader, it asks the victim to install an updated version of itself, which is, in fact, the actual PixPirate malware.”
