BrasDex - New Android Malware by Casbaneiro Actors

Diving into details

• The multi-platform campaign is targeting both mobile and desktop users, accounting for thousands of infections.
• BrasDex possesses a complicated keylogging capability that abuses Android Accessibility Services and pilfers credentials from a set of Brazilian apps.

More on BrasDex

• In this campaign, the Android trojan poses as a banking app for Banco Santander BR, although it is still targeting the same subset of apps as initially.
• It has moved away from the conventional overlay attack mechanism, similar to various malware families, eliminating the need for continuous update and extra downloaded data. 
• Apart from logging credentials, the malware can log account balance and use it to perform device takeover.
• Its ATS capabilities allow it to use stolen information to initiate automated fraudulent transactions, rendering the infection chain scalable and flexible.

Beware of these Android malware

• The most recent incident is threat actors using a darknet platform, called Zombinder, to bind malicious payloads to legitimate Android apps. Some of the Android malware delivered this way include Ermac, Sova, Xenomorph, Aurora, Laplas clipper, and Erbium stealer. 
• Earlier this month, a set of malicious apps, dubbed Schoolyard Bully Trojan, was found posing as reading and education apps on the Google Play Store and third-party app stores. The trojan is capable of stealing information from victims’ Facebook accounts.

The bottom line