Cyber Criminals go after Users of Brazil’s #1 Banking Online Payment service: PIX

by jcp

Check Point Research (CPR) discovers cyber attacks on users of PIX, the instant payment system managed by the Brazilian Central Bank. Cyber criminals tricked users into transferring their entire account balances into another bank account, by distributing two malicious applications on Google’s Play Store.

  • Attackers lure victims into installing fake malicious mobile applications
  • Malicious mobile applications trick victims into granting accessibility permissions
  • Once granted, attackers can access the PIX payment system and proceed to steal money
  • The app has since been removed from Google’s Play Store
  • Check Point recommends users remove the malicious apps from their mobile phones immediately

29th September 2021 – Check Point Research (CPR) detected cyber attacks against the users of PIX, the instant payment solution created and managed by the Brazilian Central Bank. The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications on Google’s Play Store to carry out their attacks. Both malicious applications were designed to steal victims’ money through user interaction and the original PIX application.

PIX is considered the number one payment solution in Brazil, processing over 40 million transactions a day and moving 4.7 billion dollars a week.

PixStealer Funnels Entire Account Balances to Attacker Accounts

The first variant is dubbed PixStealer. Presented in what CPR calls a “slim” form, PixStealer was designed by the attackers with only one capability: transferring a victim’s funds to an actor-controlled account. The “slim” label refers to the variant’s ability to operate without a connection to a command and control (C&C) server, which helps it go undetected. CPR ultimately found PixStealer being distributed on Google’s Play Store as a fake PagBank Cashback service, targeting only the Brazilian PagBank.
