ANDROID owners have been warned that an invisible bank thief could be hiding in plain sight on their phones.
The banking Trojan malware, known as PixPirate, was discovered on phones without an app icon – making it impossible to detect to the untrained eye until victims see they’re out of money.
1
Cyber experts at Cleafy TIR first documented the threat last month, where they discovered it was targeting Latin American banks.
Usually, smartphone owners can tell if they have installed a malicious app because an icon will appear on their home screen.
However, PixPirate does not use an app icon.
This allowed hidden malware to run wild on Android phones – even devices running the latest Android 14 software.
In a separate investigation by IBM security firm Trusteer, researchers explain that this new version of PixPirate uses two different platforms that work together to steal information from devices.
The first is a ‘downloader’ that victims accidentally install from phishing messages received via WhatsApp or SMS.
The ‘downloader’ app requires invasive permissions when users install it, which, if granted, will allow the app to install another app that carries banking malware.
Silent fraud
PixPirate has remote access capabilities, meaning hackers can force actions on a device without the owner’s knowledge or consent.
Most read in Phones & Gadgets
This is what allowed the malware to steal bank details and two-factor authentication codes for unauthorized money transfers.
Android owners are urged to be careful when installing apps and clicking on links in messages.
Links to avoid are Android Package Files (APK) used to cloak PixPirate.
A Google spokesperson told Bleeping Computer that the malware is not found in any apps on Google Play.
This suggests that Android owners are downloading the app exclusively from third-party sources – a process frowned upon for security reasons.
“Based on our current detections, no apps containing this malware have been found on Google Play,” the spokesperson said.
“Android users are automatically protected against known versions of this malware using Google Play Protect, which is turned on by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps that are known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
Must-have Android tips to improve your phone
Get the most out of your Android smartphone with these little-known hacks: