Android owners warned of a bank heist hiding in plain sight on phones
ANDROID owners have been warned that an invisible bank thief could be hiding in plain sight on their phones.
A banking Trojan malware known as PixPirate has been discovered on phones without an app icon, making it impossible for the untrained eye to detect until victims see their money gone.
Cyber experts at Cleafy TIR first documented the threat last month and discovered that it targeted Latin American banks.
Smartphone owners can usually tell if they have installed a malicious app because an icon will appear on their home screen.
However, PixPirate does not use an app icon.
This allowed hidden malware to become prevalent on Android phones, even on handsets running the latest Android 14 software.
In a separate study by IBM’s security firm Trusteer, researchers explain that this new version of PixPirate versions uses two different platforms that work together to steal information from devices.
The first is the ‘downloader’ that victims accidentally install from phishing messages they receive via WhatsApp or SMS.
The ‘downloader’ app requests invasive permissions when users install it, which, if they approve, allows the app to install a second app containing the banking malware.
Silent fraud
PixPirate has remote access capabilities, meaning hackers can force actions on a device without the owner’s knowledge or consent.
Most read in Phones and gadgets
This allowed the malware to steal banking information and two-factor authentication codes to conduct unauthorized money transfers.
Android owners are advised to exercise caution when installing apps and clicking links in messages.
Links to avoid are Android Package Files (APKs), which are used to cloak PixPirate.
A Google spokesperson told Bleeping Computer that the malware does not appear in the apps on Google Play.
This suggests that Android owners download the app exclusively from third-party sources – a process that is frowned upon due to security concerns.
“Based on our current detections, no apps containing this malware have been found on Google Play,” the spokesperson said.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps known to exhibit malicious behavior, even if those apps come from sources outside of Play.”
Must-have Android tips to boost your phone
Get the most out of your Android smartphone with these little-known hacks: