An invisible bank-raiding thief has been hiding on Android phones, and owners of the phones have been warned to be on the lookout. But this may be hard, as the thieves are hiding in plain site.
PixPirate, a banking trojan malware, has been found on Android phones without any app icon, meaning that it’s impossible to detect by the untrained eye. And therefore, cash can be stolen without the victim even knowing who’s stealing it.
How does this work you ask? Well, the malware does this by stealing bank details and two-factor authentication codes, so that it can make unauthorised money transfers.
Smartphone users can usually spot a new malicious app because of its icon appearing on their home screen. But by avoiding this, PixPirate has been able to cause chaos on Android phones, even on the newest Android 14 software.
Advert
Cyber experts at Cleafy TIR noted that PixPirate had been primarily targeting Latin American banks since at least last month.
And in investigations by IBM's security company Trusteer, it was found that the malware uses two different yet coordinated platforms to steal information from devices.
The first is a “downloader” app that can be mistakenly downloaded from phishing messages through WhatsApp or text.
The app then requests certain permissions when users install it, which would allow it to install a second app, one which carries the actual banking malware. And how many of us read the fine print when giving apps permission to do certain things?
Because of PixPirate’s remote access capabilities, hackers can act without a device owner’s consent or even knowledge. Hence the current banking situation.
But now that the malware has begun to be discovered, Android owners are being cautioned to double check when downloading anything or clicking links in any messages.
Specific links that users have been told to avoid include Android Package Files (APKs), which was what PixPirate used to hide itself.
It appears that victims have been mistakenly downloading the app exclusively from third-party sources, as a Google spokesperson has stated that PixPirate is not inside any apps on Google Play:
"Based on our current detections, no apps containing this malware are found on Google Play," the spokesperson announced. "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.”
They added that "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."