Android malware 'BrazKing' returns as a stealthier banking trojan

silversurfer

The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
A new malware sample was analyzed by IBM Trusteer researchers who found it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages.
These HTTPS sites warn the prospective victim that they are using an outdated Android version and offer an APK that will allegedly update them to the latest version.
BrazKing's evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android's security tightens up.
The ability to snatch 2FA codes, credentials, and take screenshots without hoarding permissions makes the trojan a lot more potent than it used to be, so be very careful with APK downloads outside the Play Store.
According to the IBM report, BrazKing appears to be operated by local threat groups, as it is circulating on Portuguese-speaking websites.
 
