Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
"This new strain of malware operates stealthily within the device until the moment the victim initiates a Pix transfer. What distinguishes this threat from conventional banking trojans is its fundamental design: a human or AI agent operator is actively engaged on the remote end, observing the victim's phone screen instantaneously, poised to act at the precise moment of transaction."
"The Android malware propagates via fake Google Play Store app listing pages for apps like Expedia, Sicredi, and Correios to trick users into installing the malicious dropper APK files. Once installed, the apps urge users to enable accessibility services to realize their goals."
"It also connects to an external server over TCP on port 9000 to send periodic heartbeat messages containing device information and activate real-time screen capture using Android's MediaProjection API. The main functionality of PixRevolution, though, is the monitoring of the victim's screen and serving a fake overlay as soon as a victim enters the desired amount and the Pix key of the recipient to initiate the payment."
Cybersecurity researchers identified six new Android malware families that combine traditional banking trojan features with remote administration tool capabilities. PixRevolution specifically targets Brazil's Pix instant payment platform, hijacking money transfers in real time by routing funds to attackers instead of the intended recipients. The malware stays dormant until the victim initiates a transaction, with human or AI operators actively monitoring the screen to intercept the payment. Distribution occurs through fake Google Play Store listings for apps such as Expedia and Sicredi, tricking users into installing malicious dropper APK files. Once installed, the malware requests accessibility service permissions, connects to an external server over TCP port 9000 for periodic heartbeats carrying device information, and captures real-time screen data using Android's MediaProjection API. During Pix transfers, it displays a fake overlay while replacing the recipient's Pix key with one controlled by the attacker.
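The summary notes that the malware keeps a periodic heartbeat to its server over TCP port 9000. A defender can use exactly that regularity as a detection signal. The script below is an added example, not code from the article or the researchers: it reads constructed connection-log lines (format assumed: epoch, source IP, destination IP, destination port, protocol), groups outbound TCP/9000 flows per source/destination pair, and flags pairs whose inter-arrival times are too regular to be human-driven traffic.

```python
"""Flag regular outbound TCP/9000 connections that look like malware heartbeats."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: one device beaconing to 203.0.113.10:9000 roughly
# every 30 s, plus unrelated traffic that must not be flagged.
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.10 9000 tcp
1700000030 10.0.0.5 203.0.113.10 9000 tcp
1700000061 10.0.0.5 203.0.113.10 9000 tcp
1700000090 10.0.0.5 203.0.113.10 9000 tcp
1700000121 10.0.0.5 203.0.113.10 9000 tcp
1700000005 10.0.0.5 142.250.0.1 443 tcp
1700000300 10.0.0.5 142.250.0.1 443 tcp
1700000007 10.0.0.9 198.51.100.7 9000 tcp
"""

WATCH_PORT = 9000      # port named in the report
MIN_HITS = 4           # need enough samples to judge regularity
MAX_JITTER = 0.25      # pstdev/mean of inter-arrival gaps; lower = more regular


def parse_log(text):
    """Yield (ts, src, dst, port) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, _proto = parts
        yield int(ts), src, dst, int(port)


def find_beacons(text, port=WATCH_PORT, min_hits=MIN_HITS, max_jitter=MAX_JITTER):
    """Return {(src, dst): mean_interval_seconds} for flows with heartbeat-like timing."""
    flows = defaultdict(list)
    for ts, src, dst, p in parse_log(text):
        if p == port:
            flows[(src, dst)].append(ts)
    hits = {}
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_jitter:
            hits[key] = m
    return hits


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_LOG).items():
        print(f"possible heartbeat: {src} -> {dst}:{WATCH_PORT} every ~{interval:.0f}s")
```

The jitter threshold and minimum hit count are tuning knobs; on real data, the same logic can be run per destination port rather than pinned to 9000 so a port change by the operators does not blind the check.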
Read at The Hacker News