Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil’s instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals’ control.
“The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications […] to carry out their attacks,” Check Point Research said in an analysis shared with The Hacker News. “Both malicious applications were designed to steal money of victims through user interaction and the original PIX application.”
The two apps in question, which were uncovered in April 2021, have since been removed from the app store.
Launched in November 2020 by the Central Bank of Brazil, the country’s monetary authority, Pix is a state-owned payments platform that enables consumers and companies to make money transfers from their bank accounts without requiring debit or credit cards.
PixStealer, which was found distributed on Google Play as a fake PagBank Cashback service app, is designed to empty a victim’s funds to an actor-controlled account, while MalRhino — masquerading as a mobile token app for Brazil’s Inter bank — comes with advanced features necessary to collect the list of installed apps and retrieve PIN for specific banks.
images from Hacker News