ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool PixStealer

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: PixStealer

NamesPixStealer
BrazKing
CategoryMalware
TypeBanking trojan, Info stealer, Credential stealer
Description(Check Point) The PixStealer malware’s internal name is “Pag Cashback 1.4″. It was distributed on Google Play as a fake PagBank Cashback service and targeted only the Brazilian PagBank.
The package name com.pagcashback.beta indicates the application might be in the beta stage.
PixStealer uses a “less is more” technique: as a very small app with minimum permissions and no connection to a C&C, it has only one function: transfer all of the victim’s funds to an actor-controlled account.
With this approach, the malware cannot update itself by communicating with a C&C, or steal and upload any information about the victims, but achieves the very important goal: to stay undetectable.
Information<https://research.checkpoint.com/2021/pixstealer-a-new-wave-of-android-banking-trojans-abusing-accessibility-services/>
<https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/apk.pixstealer>

Last change to this tool card: 27 December 2022

Download this tool card in JSON format

All groups using tool PixStealer

ChangedNameCountryObserved

Unknown groups

X_[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]