Securityintelligence


What’s up India? PixPirate is back and spreading via WhatsApp

  • PixPirate is a remote access tool (RAT) malware campaign that recently began infecting users in India via smishing campaigns and WhatsApp spam messages from infected users.
  • The newer campaign uses a downloader application that prompts the targeted victim to update the application and install other untrusted apps, which installs the PixPirate droppee malware.
  • Although no Indian banks are targeted specifically by PixPirate, the malware seems to be laying the groundwork for future campaigns in the country.
  • The new campaign includes a new version of the downloader that uses a YouTube video to show targets how to install the malware, which has already been viewed over 78,000 times.
  • The downloader app supports PixPirate's incognito mode, which allows the malware to remain on the victim's device for long periods.
  • The downloader activates the malware by using an API command to find the related droppee app activity that holds specific unique action items.
  • WhatsApp is an integral part of PixPirate's operations and is used to spread the malware and infect other victims and devices. The malware can disguise itself, read contact lists, and block and unblock WhatsApp user accounts.
  • WhatsApp messages are more reliable than SMS messages and tend to be sent from a known contact, which lowers a victim's awareness and makes malicious messages more effective.
  • The long-term consequences of a successful PixPirate infection can be significant and should not be minimized by banks, financial institutions, and businesses.
  • IOCs: Downloader SHA256: 1196c9f7102224eb1334cef1b0b1eab070adb3826b714c5ebc932b0e19bffc55, Droppee SHA256: d723248b05b8719d5df686663c47d5789c323d04cd74b7d4629a1a1895e8f69a.
