An investigation conducted by cybersecurity experts at Kaspersky in Brazil has unveiled a new type of financial scam that can redirect a PIX transfer. Since January 2023, the company has detected over 6,300 attacks of this kind, making it the second most blocked scam in the country. Criminals need to infect their victims’ mobile phones with banking trojans in order to carry out the fraud.
The investigation found that gaming apps promising prizes were being used as a disguise to entice victims into downloading them. However, experts warn that any popular app can serve as a disguise, and these fake apps are often found outside of official stores.
Once installed, the banking trojan requests the accessibility permission, a feature present on all Android devices that is used by people with physical disabilities. The virus presents an “update” message from the fake app to convince the person to grant this permission, which is essential for the scam to occur.
“When a PIX transfer is made, the ATS malware will lock the screen at the ‘processing transfer’ step. While the person waits, the virus clicks ‘back’ and changes the recipient and transfer amount. This switch happens quickly because the entire process is automated. When the screen returns for the account holder to enter the password, the switch has been made,” explains Fabio Marenghi, senior analyst at Kaspersky in Brazil.
Marenghi also clarifies that the malware is capable of carrying out the fraud even when the phone’s screen is off. In the “phantom hand” scam, by contrast, the criminal commits the fraud manually. By automating the task, the criminal can focus 100% of their efforts on infecting new victims, thereby increasing their profits.
To avoid falling victim to this scam, Kaspersky experts recommend the following:
– Only download apps from official stores: Although there can still be malicious apps in official stores, the chances of being deceived are much lower. Additionally, these companies remove malicious apps, making it more difficult for criminals. Unofficial stores do not provide the same level of security and the website can be fake.
– Never grant accessibility permission: Modern banking trojans require this authorization to function, but it is only necessary for those with physical limitations. Therefore, if an app requests this permission, there is a high chance it’s a scam.
– Enable two-factor authentication (2FA): Protect your online accounts, especially those linked to payment methods, with 2FA.
By following these precautions, individuals can help protect themselves against the growing threat of financial scams.
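The first two recommendations can be checked together on a device. The script below is an added example, not code from Kaspersky or the original article: it lists apps that hold an enabled accessibility service and flags those that are neither system apps nor installed from Google Play. The sample command outputs and the `com.example.*` package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: audit enabled Android accessibility services by install source.
# On a real device the three inputs would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
#   adb shell pm list packages -s
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample outputs (not taken from a real infection).
SERVICES = ("com.google.android.marvin.talkback/"
            "com.google.android.marvin.talkback.TalkBackService:"
            "com.example.reader/.ReadAloudService:"
            "com.example.prizegame/.UpdateService")
INSTALLERS = """
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.prizegame  installer=null
"""
SYSTEM = "package:com.google.android.marvin.talkback\n"

def parse_services(raw):
    """Packages owning an enabled accessibility service (colon-separated list)."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_installers(raw):
    """Map package -> installer (None when the device reports 'null')."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", raw, re.MULTILINE)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def parse_system(raw):
    """Package names reported by `pm list packages -s` (system apps)."""
    return set(re.findall(r"^package:(\S+)", raw, re.MULTILINE))

def suspicious_services(services_raw, installers_raw, system_raw):
    """Accessibility-enabled apps that are not system apps and not from a trusted store."""
    installers = parse_installers(installers_raw)
    system = parse_system(system_raw)
    flagged = []
    for pkg in sorted(parse_services(services_raw) - system):
        installer = installers.get(pkg)
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installer or "unknown/sideloaded"))
    return flagged

if __name__ == "__main__":
    for pkg, installer in suspicious_services(SERVICES, INSTALLERS, SYSTEM):
        print(f"review: {pkg} has accessibility access (installer: {installer})")
```

A flagged entry is a prompt for manual review rather than proof of infection, and an app installed from an official store can still be malicious.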