Endpoint/Device Security

Novel technique helps PixPirate Android banking trojan circumvent detection

Android banking trojan
 PixPirate has been updated to enable the concealment of the malicious app delivering the malware from targeted devices to facilitate stealthier intrusions across Brazil, The Hacker News reports.

While attacks continued to involve the distribution of a downloader app with the primary payload through WhatsApp and SMS, threat actors have modified the app's droppee to hide the app's icon from compromised devices' home screens and later enable execution through the various receivers that have been registered to ensure persistence, a report from IBM revealed. "This technique allows the PixPirate droppee to run and hide its existence even if the victim removes the PixPirate downloader from their device," said researcher Nir Somech. Such findings follow another IBM report detailing novel Fakext malware attacks against over a dozen banks across Latin America that involved the exploitation of the SATiD Microsoft Edge extension for web injection and man-in-the-browser intrusions since November.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.