
New PixPirate Android Banking Trojan Technique Thwarts Detection

The PixPirate Android banking trojan has recently been using a new technique to avoid detection and steal sensitive information from users in Brazil. The technique hides the malicious app's icon from the home screen of the victim's device, making it difficult for the user to detect and remove it.

According to security researcher Nir Somech, this new technique allows PixPirate to operate in the background without the victim's knowledge during the reconnaissance and attack phases. This makes it easier to commit fraud, such as unauthorized fund transfers and theft of banking credentials and credit card information.

PixPirate is typically distributed through SMS and WhatsApp, using a dropper app to install the primary payload. However, in the latest version, the dropper app runs and executes the malicious code. This allows PixPirate to maintain persistence even if the dropper app is removed from the device.

The new version of PixPirate also uses different receivers to trigger the primary payload, making it even more challenging to detect and remove. These receivers are activated based on various system events, not just by the initial dropper app.
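A defender-side triage check for the two traits described above (no home-screen icon, receivers driven by system events), added here as an example and not taken from the original article or the researcher's analysis. It assumes the icon is hidden by declaring no MAIN/LAUNCHER activity, which the article does not detail, and that the manifest has already been decoded to text XML; `audit_manifest` and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample: a decoded manifest with no launcher activity and one
# receiver subscribed to system events. Not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hidden">
  <application>
    <service android:name=".Worker" android:exported="true"/>
    <receiver android:name=".Wake" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def _names(parent, tag):
    """Collect the android:name values of all <tag> elements under parent."""
    return {e.get(ANDROID + "name") for e in parent.iter(tag)}

def audit_manifest(xml_text):
    """Flag a manifest that shows no launcher icon but reacts to broadcasts."""
    root = ET.fromstring(xml_text)  # untrusted input: parse in a sandbox
    app = root.find("application")
    has_launcher, receivers = False, {}
    if app is not None:
        for comp in list(app.iter("activity")) + list(app.iter("activity-alias")):
            if comp.get(ANDROID + "enabled") == "false":
                continue  # a disabled component produces no icon
            for f in comp.iter("intent-filter"):
                if MAIN in _names(f, "action") and LAUNCHER in _names(f, "category"):
                    has_launcher = True
        for r in app.iter("receiver"):
            actions = sorted(a for a in _names(r, "action") if a)
            if actions:
                receivers[r.get(ANDROID + "name")] = actions
    return {"package": root.get("package"),
            "has_launcher_icon": has_launcher,
            "event_receivers": receivers,
            "suspicious": not has_launcher and bool(receivers)}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Legitimate headless apps also lack a launcher activity, so treat a `suspicious` result as a reason to inspect the package further, not as a verdict.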

This new technique is similar to that of another piece of malware targeting Latin American banks, Fakext, which uses a rogue extension to carry out its fraudulent activities. Both demonstrate threat actors' increasing sophistication and creativity in targeting financial institutions and their customers.

In conclusion, the PixPirate Android banking trojan is a severe threat to users in Brazil, and its new technique of hiding its icon makes it even more challenging to detect and remove. Users should be cautious when downloading apps and should regularly update their devices and security software to protect against these types of threats.
