Bitcoin Forum
March 12, 2026, 10:29:28 PM *
Topic: Android Malware Target Pix Payments, Banking Apps, and Crypto Wallets
Myleschetty (OP)
Today at 05:25:33 PM
Merited by PrivacyG (2), Charles-Tim (1)
 #1

A new malware called BeatBanker was detected. It was said to target Pix payments, banking apps, and crypto wallets using a multi-layered distribution strategy built on impersonation and trust, while it also has a banking module that monitors the following browsers installed on the victim’s Android device:

Chrome
Firefox
sBrowser
Brave
Opera
DuckDuckGo
Dolphin Browser
Edge

Attackers were said to create fake Google Play Store pages hosted on domains they control. The Google Play Store pages are perfect replicas of legitimate Play Store listings, with complete apps, descriptions, ratings, and the “Install” button. The difference is that instead of directing users to the real Play Store, the button downloads a malicious APK.
Note:
If you get this response or APK download when trying to install an app using Google Play Store, it's the BeatBanker. Although the attacker was said to currently focus on Brazil, that doesn't mean they won't shift attack location as we speak.


The BeatBanker malware allows attackers to watch the victim's screen in real time and navigate it. They see the victim type in a recipient's PIX key and similar details.

When the user tries to make a transaction, BeatBanker creates overlay pages for Binance, Trust Wallet, etc, covertly replacing the destination address with its own wallet address.


Source
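
A defender-side check for the fake-listing pattern described in the post above, added here as an example and not part of the original thread: it flags a store-like page whose host is not the real Play Store host or whose "Install" button resolves to an APK download. The hostnames, app ids and finding labels are constructed, and treating `play.google.com` as the only legitimate listing host is an assumption.

```python
from urllib.parse import urljoin, urlsplit

PLAY_HOSTS = {"play.google.com"}      # assumption: exact-match allow-list
LISTING_PATH = "/store/apps/details"  # path used by Play Store web listings


def _host(parts):
    # urlsplit().hostname ignores any userinfo before "@" and lowercases;
    # also strip a trailing root dot so "play.google.com." still matches.
    return (parts.hostname or "").rstrip(".").lower()


def classify_install_link(page_url, button_href):
    """Return the reasons a store-like page and its Install button look fake."""
    page = urlsplit(page_url)
    # Resolve relative button targets against the page that served them.
    target = urlsplit(urljoin(page_url, button_href))
    page_host, target_host = _host(page), _host(target)
    findings = []
    if page_host not in PLAY_HOSTS:
        if page.path.startswith(LISTING_PATH):
            findings.append("listing-path-on-foreign-host")
        # e.g. play.google.com.<attacker domain>: the real name is only a prefix
        if any(h in page_host for h in PLAY_HOSTS):
            findings.append("play-host-embedded-in-hostname")
    if page.username is not None:
        # https://play.google.com@other-host/ : text before "@" is not the host
        findings.append("userinfo-before-real-host")
    if target.path.lower().endswith(".apk"):
        findings.append("button-downloads-apk")
    if target.scheme in ("http", "https") and target_host not in PLAY_HOSTS:
        findings.append("button-leaves-play-host")
    return findings


# Constructed samples (reserved .test names, not real indicators).
SAMPLES = [
    ("https://play.google.com/store/apps/details?id=com.example.app",
     "https://play.google.com/store/apps/details?id=com.example.app"),
    ("https://play.google.com.apps-example.test/store/apps/details?id=com.example.app",
     "/dl/app.apk"),
    ("https://play.google.com@store.example.test/store/apps/details?id=com.example.app",
     "https://cdn.example.test/App.APK"),
]

if __name__ == "__main__":
    for page_url, href in SAMPLES:
        print(page_url, "->", classify_install_link(page_url, href) or "ok")
```
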
Charles-Tim
Today at 05:37:44 PM
 #2

I do not log in on my browser, so anytime I want to download an app through the Playstore, I will be required to log in, but I prefer not to log in because copying/pasting the app name into the Playstore app to search for the app and download it is faster than first trying to log in on the browser while I am already logged in on the Playstore app.

I did not know this could have been helping. I will continue to download directly from the Playstore app. Also, I can be taken from the browser to the Playstore, where I am logged in, to download the app.

I know that there can be fake apps also on the legit Playstore.

r_victory
Today at 09:21:57 PM
 #3

If people aren't paying attention, they can easily fall for scams like this. In the image showing the supposedly legitimate app, the word "refund" is misspelled. It might not mean anything to many, but to me it's already a sign of haste or carelessness, which would make me question the app's legitimacy. It's quite convenient that it's an INSS (Brazilian National Social Security Institute) app mentioning refunds, especially during a delicate time when the agency is facing the scandal of billions being diverted from retirees' accounts; it's very difficult not to fall for it. Luckily, it's already been discovered.

 
AVE5
Today at 09:27:58 PM
 #4

In all the time I've been using Android mobile phones, I've never downloaded Google Play myself because it's already modified and installed on the device.
Maybe it is certain lower models or brands of Android, which don't come with the pre-installed APK, that would require users to manually download it themselves. I'm just trying to say that users who don't have to download this malware APK to their device can be free from the threat.


When the user tries to make a transaction, BeatBanker creates overlay pages for Binance, Trust Wallet, etc, covertly replacing the destination address with its own wallet address.

This is a very technical scheme: after you paste the required wallet address, the scammers, having access to monitor your device screen, can just change the address at their end while the transaction is still in process. Definitely, users who aren't careful enough would always fall victim to this trick.
Thanks for sharing, OP.

rdluffy
Today at 09:33:20 PM
 #5

I was very curious about the title mentioning PIX, since this payment method is from Brazil.

From what I could understand, the app is installed by a supposed application from Brazil's National Social Security Institute (INSS).
What makes me sad and apprehensive is that those who seek out this government agency are usually elderly people or people who are away from work, retired, etc.

There is a good chance that it will affect a large number of people, and if they are elderly, it is even worse.
A person without much information may download this APK and install it without realizing what they are doing.

 