Experts warn Brazilian users about the new BrasDex Android Trojan

December 21, 2022

Brazilian banking users are being warned about an ongoing multi-platform campaign by threat actors spreading the new BrasDex Android Trojan.

According to reports, this Android Trojan has a complex keylogging system that can abuse a device’s Accessibility Service, leading to data theft from a set of targeted Brazilian apps. BrasDex also features a powerful Automated Transfer System (ATS) engine.

Analysts believe similar threat groups run the BrasDex Android Trojan and another banking malware called Casbaneiro because the two share a similar campaign blueprint. The Casbaneiro malware is known for targeting banking firms and cryptocurrency services in Brazil and Mexico.

The BrasDex Android Trojan exhibits different threat capabilities.

One of the banking firms BrasDex impersonates is Banco Santander: its operators created a fake counterpart of the bank’s mobile app to abuse Android devices’ Accessibility APIs. This capability allows the trojan to log users’ keystrokes on their devices.

Additionally, the Android trojan can capture victims’ account balance information and use it when taking over infected devices and initiating fraudulent transactions. BrasDex also focuses its attacks on Brazil’s PIX payment platform, which most Brazilian users utilise for wiring funds simply through phone numbers or email addresses.

While investigating BrasDex’s infrastructure in depth, the analysts accessed its command-and-control panel, which its operators use to keep track of victims’ devices and retrieve data logs collected from the compromised Android phones.

The analysts also discovered that the same C2 panel monitors Casbaneiro malware’s activities, including disseminating phishing lures toward targets. This other malware can take over banking accounts, capture screenshots, log keystrokes, steal clipboard data, and function as clipper malware for crypto-related attacks.

Combined, these two malware strains form a dangerous pair that could extend the campaign to a larger pool of victims, especially Android and Windows users.

Because of the threats posed by the new BrasDex Android Trojan, security experts underline the necessity for customer devices to have fraud detection and prevention mechanisms. Users are also advised not to install apps from third-party sources as they might be injected with malware.
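The two points above (Accessibility Service abuse and apps installed from third-party sources) can be combined into a simple device check. The following is an added example, not code from the article or the analysts' report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i` and flags third-party apps that hold an accessibility grant but were not installed by a trusted store. The package names, sample outputs and the trusted-installer list are constructed assumptions.

```python
# Added example: triage Android accessibility grants from adb output.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakebank/com.example.fakebank.KeyService"
)

# Constructed sample of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""


def parse_a11y_services(raw):
    """Return the set of packages owning an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset or empty
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {c.split("/", 1)[0] for c in raw.split(":") if c}


def parse_installers(raw):
    """Map third-party package name -> installer package (None if unknown)."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip() or None
        installers[name.strip()] = None if installer == "null" else installer
    return installers


def flag_sideloaded_a11y(a11y_raw, packages_raw):
    """Third-party packages with an accessibility grant and no trusted installer."""
    installers = parse_installers(packages_raw)
    return sorted(
        pkg for pkg in parse_a11y_services(a11y_raw)
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )


if __name__ == "__main__":
    for pkg in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review accessibility grant:", pkg)
```

A flagged package is a prompt for manual review, not proof of infection: legitimate accessibility tools are sometimes sideloaded or deployed through enterprise tooling.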
