Android Malware Target Pix Payments, Banking Apps, and Crypto Wallets

[Myleschetty]

New Malware called BeatBanker was detected. It was said to target  Pix payments, banking apps, and crypto wallets using a multi-layered distribution strategy built on impersonation and trust, while it also has a banking module that monitors the following browsers installed on the victim’s Android device.

Chrome
Firefox
sBrowser
Brave
Opera
DuckDuckGo
Dolphin Browser
Edge

Attackers were said to create fake Google Play Store hosted using the domains they control. The Google Play Store pages are perfect replicas of legitimate Play Store listings, with complete apps, descriptions, ratings, and the “Install” button. The difference is that instead of directing users to the real Play Store, the button downloads a malicious APK.
Note: If you get this response or APK download when trying to install an app using Google Play Store, it's the BeatBanker. Although the attacker was said to currently focus on Brazil, that doesn't mean they won't shift attack location as we speak.


The BeatBanker malware allows attackers to watch the victim's screen in real time and navigate it. They see the victim type in a recipient's PIX key and similar details.

When the user tries to make a transaction, BeatBanker creates overlay pages for Binance, Trust Wallet, etc, covertly replacing the destination address with its own wallet address.


Source

[Charles-Tim]

I do not login on my browser, so anytime I want to download an app through the Playstore, I will be required to login but I do not prefer to login because copy/paste the app on the Playstore app to search for the app to download it is faster than to first try to login first on the browser while I have already login on the Playstore app.

I did not know this could have been helping. I will continue to download directly from the Playstore app directly. Also I can be taken from the browser to Playstore where I login to download the app.

I know that there can be fake apps also on the legit Playstore.

[r_victory]

If people aren't paying attention, they can easily fall for scams like this. In the image showing the supposedly legitimate app, the word "refund" is misspelled. It might not mean anything to many, but to me it's already a sign of haste or carelessness, which would make me question the app's legitimacy. It's quite convenient that it's an INSS (Brazilian National Social Security Institute) app mentioning refunds, especially during a delicate time when the agency is facing the scandal of billions being diverted from retirees' accounts; it's very difficult not to fall for it. Luckily, it's already been discovered.