BrazKing Android Trojan Attacks Rampant in Latin America

The BrazKing Android Malware is one of the dangerous banking Trojans to come out of Latin America and, in particular, Brazil. This threat was first seen months ago, and since then it has been actively targeting Android users in the region. However, it seems that its operators were not satisfied with what they already had – a major new variant of the BrazKing Android Banking Trojan has been identified. The threat uses overlay attacks to harvest login credentials and two-factor authentication (2FA) codes from its victims. According to security experts, this is unlikely to be the last change that the BrazKing Android Malware sees – Latin American threat actors tend to enhance their payloads regularly.

How Does BrazKing Android Malware Operate?

Previous iterations of the banking Trojan abused the Android Accessibility Service to spy on the user's activity. If the user happened to open one of the apps or websites that the criminals target, it would pull an overlay from a hardcoded URL corresponding to the targeted service. The new version, however, has enhanced this process. The malware now contacts the attacker's server for the latest version of the overlay, and then shows it on the user's screen. This change also grants the attackers better control over the rest of the attack – for example, credential grabbing does not happen automatically. The criminals must activate it themselves.

The aforementioned measures are meant to ensure that the BrazKing Android Malware will not be run in emulators or sandboxes used for malware analysis – the criminals can stop the attack if they detect something out of the ordinary.

Other BrazKing Android Malware features include the ability to:

  • Log keystrokes by reading the screen input.
  • Grab screenshots of specific sections of the display.
  • View text messages, and intercept new SMS.
  • Fetch the victim's list of contacts.

Last but not least, the threat's propagation appears to happen through Web-based scams. There is not enough information to determine which Web pages distribute it, but they are likely to be related to pirated content, fake updates, and other low-quality content. The BrazKing Android Malware pop-ups urge users to enhance their device's security by updating their system – however, the update is the BrazKing Android Malware payload.

Android users should keep their devices safe from such attacks by utilizing reputable antivirus apps at all times.
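
An added example, not part of the original article: a defender-side check for the combination described above, an enabled Accessibility Service belonging to an app that arrived as a fake update rather than from the app store. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags enabled accessibility services whose package was not installed by Google Play. The sample output, package names, function names and the trusted-installer set are assumptions made for illustration.

```python
import re

# Assumption: only Google Play counts as a trusted installer in this check.
TRUSTED_INSTALLERS = {"com.android.vending"}
_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_enabled_services(setting_value):
    """Split the colon-separated 'package/class' list; 'null' means none enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    return [tuple(c.strip().split("/", 1)) for c in value.split(":") if "/" in c]

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        match = _PKG_LINE.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers

def flag_services(setting_value, pm_output, allowlist=frozenset()):
    """Return enabled accessibility services from untrusted or unknown installers."""
    installers = parse_installers(pm_output)
    findings = []
    for package, service in parse_enabled_services(setting_value):
        installer = installers.get(package, "unknown")
        if package not in allowlist and installer not in TRUSTED_INSTALLERS:
            findings.append({"package": package, "service": service,
                             "installer": installer})
    return findings

# Constructed sample output (hypothetical package names, not from the article).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sysupdate/com.example.sysupdate.HelperService\n"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in flag_services(SAMPLE_SETTING, SAMPLE_PM):
        print("REVIEW:", finding)
```

A flagged entry is a prompt for review, not a verdict: legitimate accessibility tools installed from other stores will also appear and can be passed in through `allowlist`.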

November 18, 2021