Malware that steals data from Android
Cybersecurity researchers said that a banking trojan malware called PixPirate is hidden in Android operating system smartphones and is active on the phone. Even after deleting the app through which this malware entered the phone, it is still hiding in the phone and stealing data. It steals user information from being active inside the phone.
The TIR team at cybersecurity
firm Clefi discovered the Android malware last month. According to their
research, this malware is being used to attack various banks in Latin America.
Klefi Cybersecurity – Researchers say the malware enters the device through
another app. However, it did not reveal any information about how the malware
remains active on the device while hidden.
According to a report by IBM,
PixPirate does not use the technique of not displaying icons on devices like
other malware. Android 10 to 14 operating systems do not have the option of not
displaying app icons. For this, no app icon is used in PixPirate app. As a
result, the app is invisible to the user in all Android operating systems.
IBM researchers say PixPirate exploits two versions of the app to steal data from devices. Downloader app is downloaded on the phone through Android or APK file. The downloaded app takes permission to collect various phone data. This then downloads and installs a second app called Droppy. This is what is hidden in the phone. As a result, its existence is not felt. It then connects to the first app and steals data. The downloaded app is usually spread in APK files through phishing links on WhatsApp and SMS.
Source: Bleeping Computer