Android owners warned of bank-raiding attack that’s found a new way to hide in plain sight on their phones

ANDROID owners have been warned that an invisible bank thief could be hiding in plain sight on their phones.

A banking trojan malware, known as PixPirate, has been discovered on phones without an app icon – making it impossible to detect by the untrained eye until victims see their cash is gone.

The malware can steal bank details and two-factor authentication codes to make unauthorised money transfers

1

The malware can steal bank details and two-factor authentication codes to make unauthorised money transfersCredit: Getty

Cyber experts at Cleafy TIR first documented the threat last month, where they found it had been targeting Latin American banks.

Typically, smartphone owners can spot if they have installed a malicious app because an icon will appear on their home screen.

However, PixPirate does not use an app icon.

This has allowed hidden malware to run rampant on Android phones – even on handsets with the latest Android 14 software.

In a separate investigation by IBM’s security company Trusteer, researchers explain that this new version of PixPirate versions uses two different platforms that work together to steal information from devices.

The first is the ‘downloader’ that victims accidentally install from phishing messages received via WhatsApp or text.

The ‘downloader’ app requests invasive permissions when users install it, which, if they approve, will allow the app to install a second app which carries the banking malware.

Silent fraud

PixPirate has remote access capabilities, meaning hackers can force actions on a device without the owners knowledge or consent.

Most read in Phones & Gadgets

It’s this that has allowed the malware to steal bank details and two-factor authentication codes to make unauthorised money transfers.

Android owners have been urged to be cautious when installing apps and clicking links in messages.

Links to avoid are Android Package Files (APKs) which are what are used to disguise PixPirate.

A Google spokesperson told Bleeping

Read More ...