New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.

Dark Reading Staff, Dark Reading

February 7, 2023

1 Min Read
Pix payment platform on mobile screen
Source: SOPA Images Limited via Alamy Stock Photo

A new Android banking Trojan called PixPirate is targeting more than 100 million Brazilian Pix instant payment accounts.

The Pix payment platform was created and is operated by the Brazil Central Bank, and it's used to make instant mobile payments across Latin America using a variety of banks.

Researchers with the Cleafy TIR Team — who have been tracking the PixPirate Brazilian banking Trojan since late 2022 — released a report this week detailing PixPirate's intention to steal credentials and deploy its noteworthy automatic transfer system (ATS) used to make automatic fraudulent money transfers. Additionally, by abusing accessibility services, PixPirate also has the flexibility to steal credentials and launch ATS attacks across multiple bank user interfaces using the Pix platform.

The malware also can intercept and delete SMS messages, push malvertising efforts, and contains code protection that attempts to evade detection, the report said.

"PixPirate represents one of the emerging malware that will try and leverage the double edge blade mechanism related to instant payments," the Cleafy team added. "The introduction of ATS capabilities paired with frameworks that will help the development of mobile applications, using flexible and more widespread languages (lowering the learning curve and development time), could lead to more sophisticated malware that, in the future, could be compared with their workstation counterparts."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights