PixPirate

Description

(Cleafy) PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks.

PixPirate appears to have the following features, primarily achieved by abusing Accessibility Services, such as:

  • Ability to intercept valid banking credentials and perform ATS attacks on multiple Brazilian banks via Pix payments
  • Ability to intercept/delete SMS messages
  • Preventing uninstall
  • Malvertising

Names

Name
PixPirate

Category

Malware

Type

  • Banking trojan
  • Credential stealer

Information

Malpedia

Other Information

Uuid

a018b937-90ca-4998-be1a-3084ddac445e

Last Card Change

2024-03-14