Subj : This sneaky Android malware has an all-new way to avoid being det To : All From : TechnologyDaily Date : Fri Mar 15 2024 20:45:04 This sneaky Android malware has an all-new way to avoid being detected Date: Fri, 15 Mar 2024 20:39:24 +0000 Description: Or more importantly, how do you remove an app with no icon? FULL STORY ====================================================================== Cybersecurity researchers have found a new version of a well-known Android banking trojan malware which sports quite a creative method of hiding in plain sight. PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion. The campaigns goal was to divert the cash to attacker-owned accounts. Usually, banking trojans on Android would try to hide by changing their app icons and names. Often, the trojans would assume the settings icon, or something similar, tricking the victims into looking elsewhere, or simply into being too afraid to remove the app from their device. PixPirate, on the other hand, gets rid of all of that by not having an icon in the first place. Running the malware The big caveat here is that without the icon, the victims cannot launch the trojan, so that crucial part of the equation is left to the attackers. The campaign consists of two apps - the dropper, and the droppee. The dropper is being distributed on third-party stores, shady websites, and via social media channels, and is designed to deliver the final payload - droppee - and to run it (after asking for Accessibility and other permissions). Droppee, which is PixPirates filename, exports a service to which other apps can connect to. The dropper connects to that service, allowing it to run the trojan. Even after removing the dropper, the malware can still run on its own, on certain triggers (for example, on boot, on network change, or on other system events). The entire process, from harvesting user credentials, to initiating money transfer, is automated, and done in the background without the victims knowledge or consent. The only thing standing in the way, the researchers claim, are Accessibility Service permissions. It is also worth mentioning that this method only works on older versions of Android, up to Pie (9). Via BleepingComputer More from TechRadar Pro This nasty new Android malware can easily bypass Google Play security and it's already been downloaded thousands of times Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/this-sneaky-android-malware-has-an-all- new-way-to-avoid-being-detected --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .