A new Android malware called BrasDex has been found targeting users in Brazil as part of an ongoing multi-platform campaign. The malware targets a series of Brazilian applications and includes a high-performance Automated Transfer System (ATS) engine.
Diving into Details
BrasDex, a trojan for Android, was developed by the attackers who created the Casbaneiro banking malware for Windows.
- The multi-platform campaign targeted both mobile and desktop users and resulted in thousands of infections.
- BrasDex has a sophisticated keylogging feature that abuses Android accessibility services and steals credentials from a series of Brazilian apps.
Learn more about BrasDex
Operating for over a year, BrasDex previously mimicked Android install apps and targeted Brazilian banking apps.
- In this campaign, the Android Trojan presents itself as a banking application for Banco Santander BR, although it still targets the same group of applications as the original.
- It dropped the usual overlay attack mechanism, similar to other malware families, which removes the need to constantly update and download additional data.
- In addition to logging credentials, the malware can record account balances and use this information to perform device takeovers.
- Its ATS capabilities allow it to use stolen information to initiate fraudulent transactions automatically, making the infection chain scalable and flexible.
Beware of these Android malware.
- The latest incident involved attackers using a dark web platform called Zombinder to bind malicious payloads to legitimate Android apps. Android malware delivered this way includes Ermac, Sova, Xenomorph, Aurora, Laplas clipper, and Erbium Stealer.
- Earlier this month, a suite of malicious apps dubbed the Schoolyard Bully Trojan appeared on the Google Play Store and third-party app stores, masquerading as reading and learning apps. These trojans can steal information from victims’ Facebook accounts.
Conclusion
The emergence of BrasDex and new features in Android malware highlight the importance of fraud detection and prevention mechanisms. BrasDex and Casbaneiro form a dangerous pair, as they allow their developer to attack both Android and Windows devices at scale.