PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform
Stay secure with the latest updates on banking cybersecurity trends, threats, and solutions in the finance industry. Protect your assets and data now.
Search across headline titles and summaries.
Background for this topic.
Banking encompasses the digital systems and networks that manage financial transactions, customer accounts, credit issuance, and investment services. These systems handle sensitive data such as account numbers, transaction histories, and personal identification details, relying on interconnected payment gateways and APIs that require continuous availability and data integrity to function correctly.
Security concerns focus on preventing unauthorized access to online banking portals, protecting transaction processing from manipulation, and safeguarding sensitive data from insider threats. Effective defenses include multi-factor authentication, encryption of data both in transit and at rest, and real-time monitoring of transactions to detect anomalies. Maintaining strict access controls and promptly addressing software vulnerabilities are critical to preserving trust and operational stability in banking environments.
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform
We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused legitimate test framework Easyclick to write a Javascript-based automation script for functions such as clicks and gestures.
A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps [...]