A new Android malware, dubbed BrasDex, was spotted targeting Brazilian users as part of a multi-platform campaign. The malware targeted a set of Brazilian apps, as well as a highly capable Automated Transfer System (ATS) engine, as part of an ongoing multi-platform campaign.
Diving into details
BrasDex, the Android trojan has been developed by the threat actor behind the Casbaneiro Windows banking malware.
The multi-platform campaign is targeting both mobile and desktop users, accounting for thousands of infections.
BrasDex possesses a complicated keylogging capability that abuses Android Accessibility Services and pilfers credentials from a set of Brazilian apps.
More on BrasDex
Active for over a year, BrasDex previously impersonated Android settings apps and targeted Brazilian banking apps.
In this campaign, the Android trojan poses as a banking app for Banco Santander BR, although it is still targeting the same subset of apps as initially.
It has moved away from the conventional overlay attack mechanism, similar to various malware families, eliminating the need for continuous update and extra downloaded data.
Apart from logging credentials, the malware can log account balance and use it to perform device takeover.
Its ATS capabilities allow it to use stolen information to initiate automated fraudulent transactions, rendering the infection chain scalable and flexible.
Earlier this month, a set of malicious apps, dubbed Schoolyard Bully Trojan, was found posing as reading and education apps on the Google Play Store and third-party app stores. The trojan is capable of stealing information from victims’ Facebook accounts.
The bottom line
The emergence of BrasDex and new functionalities in Android malware highlight the importance of fraud detection and prevention mechanisms. BrasDex and Casbaneiro form a dangerous pair since they allow their developers to target both Android and Windows devices on a large scale.