Android banking trojan PixPirate has been updated to conceal the malicious app that delivers the malware on targeted devices, facilitating stealthier intrusions across Brazil, The Hacker News reports.
While attacks continued to distribute a downloader app with the primary payload through WhatsApp and SMS, threat actors have modified the app's droppee to hide the app's icon from compromised devices' home screens and to execute later through the various receivers that have been registered to ensure persistence, a report from IBM revealed. "This technique allows the PixPirate droppee to run and hide its existence even if the victim removes the PixPirate downloader from their device," said researcher Nir Somech.

Such findings follow another IBM report detailing novel Fakext malware attacks against over a dozen banks across Latin America, which have involved the exploitation of the SATiD Microsoft Edge extension for web injection and man-in-the-browser intrusions since November.
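A defender-side triage check for the PixPirate droppee pattern described above (no home-screen icon, execution through registered receivers), as an added example that is not from IBM's report or the original article. It assumes the icon is absent because no enabled activity declares MAIN/LAUNCHER in the decoded AndroidManifest.xml; the sample manifests, package names and receiver actions are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifests (decoded to plain XML); names and actions are illustrative.
HIDDEN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.hidden">
 <application>
  <receiver android:name=".Wake"><intent-filter>
   <action android:name="android.intent.action.BOOT_COMPLETED"/>
   <action android:name="android.intent.action.USER_PRESENT"/>
  </intent-filter></receiver>
 </application></manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.benign">
 <application>
  <activity android:name=".Main"><intent-filter>
   <action android:name="android.intent.action.MAIN"/>
   <category android:name="android.intent.category.LAUNCHER"/>
  </intent-filter></activity>
  <receiver android:name=".Boot"><intent-filter>
   <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver>
 </application></manifest>"""

def _names(intent_filter, tag):
    """Collect android:name values of <action>/<category> children."""
    return {e.get(A + "name") for e in intent_filter.findall(tag)}

def audit_manifest(xml_text):
    """Return (has_launcher_icon, {receiver_name: [actions]})."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return False, {}
    has_launcher = False
    for comp in app.findall("activity") + app.findall("activity-alias"):
        if comp.get(A + "enabled") == "false":
            continue  # a disabled launcher entry shows no icon
        for f in comp.findall("intent-filter"):
            if ("android.intent.action.MAIN" in _names(f, "action")
                    and "android.intent.category.LAUNCHER" in _names(f, "category")):
                has_launcher = True
    receivers = {}
    for r in app.findall("receiver"):
        acts = sorted(a for f in r.findall("intent-filter") for a in _names(f, "action") if a)
        if acts:
            receivers[r.get(A + "name")] = acts
    return has_launcher, receivers

def is_suspicious(xml_text):
    """Triage flag: no home-screen icon, yet wakes up on broadcast events."""
    has_launcher, receivers = audit_manifest(xml_text)
    return not has_launcher and bool(receivers)
```

Legitimate plugin and system packages also match this heuristic, so treat a hit as a reason to inspect the package rather than a verdict; an icon hidden at runtime does not show up in the manifest.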