
BrazKing Trojan returns to Android and is now immune to Antivirus

The banking Trojan BrazKing has returned with new tricks that let it operate without requesting the usual security permissions up front. IBM Trusteer researchers have studied a new malware sample which was discovered outside the Google Play Store and was found being distributed via SMS.

The lure warns targets that their Android version is outdated and offers the payload as an updated APK file. According to the IBM report, the malware appears to be operated by local threat actors, since it is active on Portuguese-speaking websites.

Permissions and penetration of the BrazKing Trojan

When one of these SMS messages arrives and the user acts on it with installation from unknown sources turned on, the malware is deployed on the device and then requests the Accessibility permission. This accessibility permission allows the BrazKing Trojan to record screenshots and keystrokes.

Furthermore, the BrazKing Trojan uses this accessibility service for multiple purposes:

  • On a non-rooted device, approval is required to dissect the screen programmatically rather than capturing it as an image; on a rooted device the Trojan already has that approval.
  • Manipulating the banking application by tapping its buttons.
  • Reading SMS messages, giving it the upper hand over OTP authentication.
  • Keylogging capabilities.
  • Stealing contact details via android.permission.READ_CONTACTS.

Google’s latest release, Android 11, has enhanced app security by classifying the list of installed apps as sensitive data, which is why banking Trojans have had to improve their penetration techniques as well. Earlier Trojans exploited the ‘getInstalledPackages’ API; since Google’s change they have switched to screen dissection to figure out which apps are installed on infected devices.

The BrazKing Trojan uses a similar technique to overlay a fake screen on top of banking applications via the ‘SYSTEM_ALERT_WINDOW’ permission. This allows the attacker to load a fake screen using the accessibility service: when a banking app is detected, the command and control server comes into play, delivering a dynamic overlay to steal the credentials.

The attacker can also manipulate and create new login screens that match the original banking apps.
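The capabilities listed above (accessibility service, SMS and contact access, package enumeration around the Android 11 visibility change, and the overlay permission) are all visible in an APK's manifest before the app ever runs, which makes a static manifest check a cheap first triage step for defenders. The following is an added example, not code from IBM Trusteer, Google or the malware itself; it parses a decoded AndroidManifest.xml (as produced by tools such as apktool) and scores the combination of requested permissions. The risk weights, the review threshold and both manifests are constructed for this illustration.

```python
"""Static triage of a decoded AndroidManifest.xml for the permission pattern
described in the article (accessibility service + overlay + SMS + contacts +
package enumeration).  Added example; not code from IBM Trusteer, Google or
the malware.  Weights, threshold and sample manifests are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Triage weights are this example's own heuristic, not a vendor scoring scheme.
RISK_WEIGHTS = {
    "android.permission.SYSTEM_ALERT_WINDOW": 3,       # overlay fake login screens
    "android.permission.READ_SMS": 3,                  # read OTP codes
    "android.permission.RECEIVE_SMS": 3,               # intercept OTP codes on arrival
    "android.permission.READ_CONTACTS": 2,             # harvest contacts
    "android.permission.QUERY_ALL_PACKAGES": 2,        # sidesteps Android 11 package-visibility filtering
    "android.permission.REQUEST_INSTALL_PACKAGES": 2,  # sideload further APKs
}
# An accessibility service is not a <uses-permission>: it is a <service> protected
# by BIND_ACCESSIBILITY_SERVICE.  It gets its own weight so it is never double-counted.
A11Y_SERVICE_WEIGHT = 4
REVIEW_THRESHOLD = 8

# Constructed manifest mimicking a fake "Android update" dropper; not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Update">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""


def parse_manifest(xml_text):
    """Return package name, requested permissions and whether an accessibility service is declared."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    has_a11y = any(
        s.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service")
    )
    return {"package": root.get("package"), "permissions": perms,
            "accessibility_service": has_a11y}


def triage(info):
    """Score the permission combination; return the verdict and the hits that drove it."""
    hits = sorted(p for p in info["permissions"] if p in RISK_WEIGHTS)
    score = sum(RISK_WEIGHTS[p] for p in hits)
    if info["accessibility_service"]:
        hits.append("accessibility-service")
        score += A11Y_SERVICE_WEIGHT
    return {"package": info["package"], "score": score, "hits": hits,
            "verdict": "review" if score >= REVIEW_THRESHOLD else "low"}


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        print(triage(parse_manifest(manifest)))
```

The point of scoring the combination rather than any single permission is that each item on its own has legitimate uses (SMS apps, launchers, screen readers); it is an accessibility service plus overlay plus SMS plus contacts in one app, offered as a system update, that warrants a closer look.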

The BrazKing Trojan could be hard to erase

Unlike other Trojans, which can be detected and removed with an antivirus solution, BrazKing comes with its own deletion protection that keeps it on the infected device long term. If the user attempts to remove the malware or open an antivirus solution, the Trojan immediately triggers the ‘Back’ or ‘Home’ button. The Trojan also protects its internal resources by XORing them with a hard-coded key and then encapsulating them in Base64.

This evolution in malware only proves that cyber actors are constantly improving their attack vectors, giving them an advantage even as Google continues to tighten Android’s security posture.
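XOR with a hard-coded key followed by Base64 is a weak obfuscation rather than encryption, and an analyst with the sample in hand can undo it in a few lines. The following added example (not code from IBM Trusteer or the malware) shows the decoding side: it reverses the scheme given the key, recovers the key from a known plaintext prefix such as "https://" when the key is short and repeating, and scans a snippet of decompiled source for Base64-looking tokens that decode cleanly. The key, the strings and the source snippet are all constructed; the encoder exists only to build that test material.

```python
"""Decoder for strings obfuscated as the article describes: XOR with a
hard-coded repeating key, then Base64.  Added analyst example; not code from
IBM Trusteer or the malware.  Key, strings and source snippet are constructed."""
import base64
import re
from itertools import cycle

KEY = b"k3y!"  # constructed; a real sample's key is taken from its decompiled code


def xor_bytes(data, key):
    """XOR data against a repeating key (XOR is its own inverse: encodes and decodes)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def encode_string(plain, key):
    """Mirror of the obfuscation scheme; used here only to build test material."""
    return base64.b64encode(xor_bytes(plain.encode("utf-8"), key)).decode("ascii")


def decode_string(blob, key):
    """Base64-decode, then XOR with the key."""
    return xor_bytes(base64.b64decode(blob), key).decode("utf-8", errors="replace")


def recover_key(blob, known_prefix, key_len):
    """Known-plaintext key recovery: ciphertext = plaintext XOR key, so XORing the
    first key_len ciphertext bytes with a known plaintext prefix (for example
    'https://' on a C2 URL) yields the repeating key."""
    kp = known_prefix.encode("utf-8")
    if len(kp) < key_len:
        raise ValueError("known prefix must cover at least key_len bytes")
    ct = base64.b64decode(blob)
    return bytes(c ^ p for c, p in zip(ct[:key_len], kp[:key_len]))


_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def find_and_decode(text, key):
    """Scan decompiled source for Base64-looking tokens and keep those that
    decode to printable ASCII under the key; anything else is discarded."""
    found = []
    for m in _B64_TOKEN.finditer(text):
        tok = m.group(0)
        if len(tok) % 4:
            continue  # not a valid Base64 length
        try:
            raw = xor_bytes(base64.b64decode(tok, validate=True), key)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(0x20 <= b < 0x7F for b in raw):
            found.append(raw.decode("ascii"))
    return found


# Constructed snippet standing in for decompiled Java from a sample.
SAMPLE_TEXT = (
    'String a = "' + encode_string("https://c2.example.invalid/cfg", KEY) + '";\n'
    'String b = "' + encode_string("android.permission.READ_SMS", KEY) + '";\n'
    'String c = "short";\n'
)

if __name__ == "__main__":
    print("recovered key:", recover_key(SAMPLE_TEXT.split('"')[1], "https://", len(KEY)))
    for s in find_and_decode(SAMPLE_TEXT, KEY):
        print("decoded:", s)
```

The printable-ASCII filter is what keeps the scanner useful on real decompiled output: identifiers and resource names that happen to look like Base64 decode to garbage under the key and are dropped, while configuration strings such as C2 URLs and permission names survive.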

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
