The mobile malware landscape in Latin America, particularly in Brazil, has recently gained attention due to the emergence of malicious families like Brata and Amextroll, which have expanded their reach to Europe. One notable addition to this threat landscape is BrasDex, a sophisticated multi-platform malware campaign targeting Brazilian users. BrasDex, a novel Android malware, has been actively operating for over a year, initially disguising itself as Android settings applications to target Brazilian banking apps. However, its latest campaign takes a more deceptive approach, masquerading as the Banco Santander BR application while still targeting the same subset of applications as its previous iterations. The campaign has inflicted significant financial damage, causing losses estimated in the hundreds of thousands of Brazilian Reals (R$), equivalent to tens of thousands of USD.
One distinguishing feature of BrasDex is its use of Android Accessibility Services as a keylogger for the targeted applications. Instead of the overlay attacks that have dominated Android banking malware for years, BrasDex reads user input through Accessibility Services, limited to a specific set of Brazilian apps. This is in line with the trend observed over the past year, in which malware families abandon overlays in favor of leaner, more flexible solutions.
BrasDex not only captures login credentials but also extracts critical information such as account balances. Using a technique known as Device Takeover (DTO), cybercriminals gain control over infected devices, enabling them to carry out fraudulent transactions using the stolen data. What sets BrasDex apart from other malware families is its incorporation of an Automated Transfer System (ATS). This functionality allows the malware to autonomously utilize the stolen information to initiate fraudulent transactions, enhancing the efficiency and scalability of the entire infection and fraud chain.
BrasDex Android Malware Signatures
Family: Trojan-Spy.AndroidOS.Brasdex
MD5: 172e3fbeb315f6c4d9e7cfa7fd18d67e
SHA256: 7747a9912e2605b64430a27e3c5af3556c26b4cb04c7242ca4e2cad5b6b33363
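As an added triage example (not code from the original article or from any vendor's tooling), the script below parses Android's `enabled_accessibility_services` secure setting, as returned by `adb shell settings get secure enabled_accessibility_services`, flags services whose package is outside an assumed allowlist, and checks a file's SHA256 against the BrasDex hash listed above. The allowlist, the sample setting value and the `com.example.fakebank` package name are constructed.

```python
import hashlib
from pathlib import Path

# SHA256 of the BrasDex sample listed on this page
BRASDEX_SHA256 = "7747a9912e2605b64430a27e3c5af3556c26b4cb04c7242ca4e2cad5b6b33363"

# Assumed allowlist of packages expected to run an accessibility service on a fleet
TRUSTED_ACCESSIBILITY_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of the secure setting: entries are "pkg/Class", separated by ':'
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakebank/.AccService"
)


def parse_enabled_accessibility_services(setting: str) -> list[tuple[str, str]]:
    """Return (package, fully qualified class) pairs from the setting string.
    `settings get` prints 'null' when nothing is enabled, so treat that as empty."""
    services = []
    if setting.strip() in ("", "null"):
        return services
    for entry in setting.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue  # ignore malformed fragments rather than failing the whole parse
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):  # shorthand class names are relative to the package
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def suspicious_accessibility_services(setting: str, trusted=TRUSTED_ACCESSIBILITY_PACKAGES):
    """Enabled services from packages not on the allowlist: candidates for manual review."""
    return [(p, c) for p, c in parse_enabled_accessibility_services(setting) if p not in trusted]


def sha256_matches_brasdex(data: bytes) -> bool:
    """Compare in-memory bytes (e.g. a pulled APK) against the published sample hash."""
    return hashlib.sha256(data).hexdigest() == BRASDEX_SHA256


def file_matches_brasdex(path: str) -> bool:
    """Stream a file from disk so large APKs are not loaded whole into memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == BRASDEX_SHA256


if __name__ == "__main__":
    for pkg, cls in suspicious_accessibility_services(SAMPLE_SETTING):
        print(f"review accessibility service {cls} from package {pkg}")
```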