A new type of banking virus aimed at Android devices targets Brazilian users and uses the Pix system to siphon money almost immediately. According to a report from Zimperium, the malware, called PixRevolution, is capable of interfering with transfers at the exact moment they are being made.
According to Zimperium, PixRevolution is part of a new generation of financial trojans created specifically to exploit Pix in Brazil. Classified as an “agent-operated Android trojan”, this type of malware allows an operator to monitor and interact with the victim’s device in real time. The campaign targets applications from popular financial institutions, such as Nubank, Itaú Unibanco, Banco do Brasil, Caixa Econômica Federal, Santander Brasil, PicPay, PagSeguro, Sicredi and XP Investimentos.
The attack combines espionage with active control of the device. Using Android’s accessibility permissions, the virus can read content displayed on the screen, monitor interactions and even execute commands automatically. Among the techniques used are screen overlay, credential capture, notification interception and automation within banking applications.
The infection usually starts with fake applications that imitate well-known services, such as Expedia, Correios or even official institutions, as well as other names used as bait. These apps deceive the user and facilitate the installation of malware. In practice, the virus not only observes, but also performs actions, being able to fill in data and confirm transactions without the victim noticing.
Fernando Serto, Field CTO at Akamai, explains this behavior: “financial malware is designed to monitor user behavior and is only activated when it identifies a sensitive action, such as opening a banking application or even during the start of a transaction via Pix.”
One of the most critical aspects is acting in real time. The operator can monitor the transaction and intervene exactly at the time of confirmation, changing data or redirecting values. “As Pix is an instant payment method, the attack happens within a very short time, reducing the chances of reversal”, says Serto. He adds: “The attacks start from the victim’s own device and use valid credentials, within an expected flow, reducing signs of anomalies.”
Despite the sophistication, the infection still largely depends on user action, usually through social engineering. “Today, a combination of both models is possible, but the initial infection still depends heavily on social engineering,” reinforces the expert.
The difficulty of detection is linked to the fact that the scam occurs during legitimate actions. “For example, user behavior today is increasingly guided by speed and fluidity, which even our research shows are the main factors when choosing a bank. And attacks take advantage of precisely this dynamic”, he explains.
Even so, signs such as slowness, unknown apps, unusual permission requests and suspicious financial transactions may indicate infection. To protect yourself, it is recommended to avoid applications outside of official stores, be wary of links and review permissions, especially accessibility ones. It is also essential to keep your cell phone updated and pay extra attention during transactions via Pix.
Source: www.noticiasaominuto.com.br
