Several financial institutions in Brazil have been targeted by the novel Android banking trojan PixPirate that exploits the PIX payments platform for fraudulent activities, according to The Hacker News.
Aside from featuring Automatic Transfer System capabilities that allow automated malicious money transfers via the PIX platform, PixPirate also exploits accessibility services API to gather SMS messages, deactivate Google Play Protect, and curb uninstallation, among others, a report from Cleafy revealed.
Moreover, reverse engineering efforts are being curbed by the banking trojan through the Auto.js framework, while operators have also been using dropper apps impersonating as authenticator apps for the distribution of the PixPirate malware.
"The introduction of ATS capabilities paired with frameworks that will help the development of mobile applications, using flexible and more widespread languages (lowering the learning curve and development time), could lead to more sophisticated malware that, in the future, could be compared with their workstation counterparts," said researchers.