Android malware BrazKing returns as a stealthier banking trojan


Android malware BrazKing returns as a stealthier banking trojan

The Android banking trojan BrazKing has returned with dynamic banking overlays and a new implementation trick that allows it to operate without seeking potentially dangerous permissions.


A new malware sample was analyzed by researchers who found it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages. These HTTPS sites warn the prospective victim that they are using an outdated Android version and offer an APK that will allegedly update them to the latest version.


In the previous version, BrazKing abused the accessibility service to detect which app the user opened. When the malware detected the launch of a targeted banking app, it used to pull an overlay screen from a hardcoded URL and present it on top of the legitimate app.


BrazKing no longer uses the ‘getinstalledpackages’ API request as it used to but instead uses the screen dissection feature to view what apps are installed on the infected device. When it comes to overlaying, BrazKing now does it without the ‘System_Alert_Window’ permission, so it can’t overlay a fake screen on top of the original app as other trojans do.


The ability to snatch 2FA codes, credentials, and take screenshots without hoarding permissions makes the trojan a lot more potent than it used to be, so be very careful with APK downloads outside the Play Store.


According to the report, BrazKing appears to be operated by local threat groups, as it is circulating on Portuguese-speaking websites.


Copyright @1999-2022 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : |