PixStealer
Description
(Check Point) The PixStealer malware’s internal name is “Pag Cashback 1.4″. It was distributed on Google Play as a fake PagBank Cashback service and targeted only the Brazilian PagBank. The package name com.pagcashback.beta indicates the application might be in the beta stage. PixStealer uses a “less is more” technique: as a very small app with minimum permissions and no connection to a C&C, it has only one function: transfer all of the victim’s funds to an actor-controlled account. With this approach, the malware cannot update itself by communicating with a C&C, or steal and upload any information about the victims, but achieves the very important goal: to stay undetectable.
Names
| Name |
|---|
| PixStealer |
| BrazKing |
Category
Malware
Type
- Banking trojan
- Info stealer
- Credential stealer
Information
- https://research.checkpoint.com/2021/pixstealer-a-new-wave-of-android-banking-trojans-abusing-accessibility-services/
- https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
Malpedia
Other Information
Uuid
57ed45f3-db97-4bb6-a5f6-cb83a1f0fc16
Last Card Change
2022-12-27