IBM Trusteer researchers have discovered the reemergence of the BrazKing Android banking trojan with a novel implementation trick and new banking overlays, The Hacker News reports.
The updated BrazKing malware has been leveraging access to the Android 'Accessibility Service' to dissect the screen programmatically, provide keylogger and remote access trojan capabilities, and read SMS messages and contact lists without the necessary permissions, according to researchers.
The report also showed that BrazKing has replaced 'getInstalledPackages' API requests with the new screen dissection feature and has stopped using the 'SYSTEM_ALERT_WINDOW' permission for overlays. Meanwhile, BrazKing protects its internal resources by applying an XOR operation with a hardcoded key, combined with Base64 encoding. BrazKing has also been observed quickly tapping the device's Home or Back button when users attempt to delete the malware.
The findings show how malware authors are evolving their techniques to better conceal their tools amid stronger Android security measures, researchers said.
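For analysts triaging a sample, the XOR and Base64 resource protection described above can be reversed over an APK's extracted strings once the hardcoded key has been recovered. The sketch below is an added example, not code from the IBM Trusteer report or from the malware; it assumes Base64 is the outer layer and repeating-key XOR the inner one, and the key, helper names and sample strings are all constructed.

```python
import base64
import binascii
import re

# Candidate filter: Base64 alphabet only, at least 8 characters, optional padding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed scheme; the page only says 'hardcoded key')."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_resource(plain: str, key: bytes) -> str:
    """Build constructed test samples: XOR first, then Base64 (assumed order)."""
    return base64.b64encode(xor_bytes(plain.encode("ascii"), key)).decode("ascii")


def try_decode(candidate: str, key: bytes):
    """Return the plaintext if candidate decodes to printable ASCII, else None."""
    if len(candidate) % 4 or not B64_RE.fullmatch(candidate):
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    plain = xor_bytes(raw, key)
    # Printable-ASCII check weeds out ordinary identifiers that merely
    # look like Base64 and decode to noise under this key.
    if plain and all(0x20 <= b < 0x7F for b in plain):
        return plain.decode("ascii")
    return None


def triage(strings, key: bytes) -> dict:
    """Map each obfuscated string to its recovered plaintext."""
    found = {}
    for s in strings:
        decoded = try_decode(s, key)
        if decoded is not None:
            found[s] = decoded
    return found


# Constructed key and strings standing in for an APK string dump.
KEY = bytes.fromhex("a73c915e")
SAMPLE_STRINGS = [
    encode_resource("https://example.invalid/config", KEY),
    encode_resource("overlay_list.json", KEY),
    "com.example.app.MainActivity",   # not Base64: contains dots
    "QUJDREVGR0g=",                   # valid Base64, noise under this key
]

if __name__ == "__main__":
    for blob, text in triage(SAMPLE_STRINGS, KEY).items():
        print(f"{blob} -> {text}")
```

A key made only of ASCII letters weakens the printable-ASCII filter, since ordinary Base64-looking identifiers can then also decode to printable text; in that case add a stricter check such as an expected prefix or file extension.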