PixPirate: Malware Stealing Banking Passwords


The Central Bank of Brazil has introduced Pix, an instant payment platform that has quickly gained popularity with over 100 million registered accounts. However, this sudden rise in adoption has also attracted the attention of cyber criminals, who have now developed a new strain of mobile malware that targets the Pix platform. This malware, known as PixPirate, has the ability to steal sensitive data and commit fraud against Pix users.

Working of PixPirate

PixPirate is the most recent generation of Android banking trojans that can use the Automatic Transfer System (ATS) to execute malicious money transfers over the Pix platform. It disguises itself as a trusted application while delivering its harmful payload behind well-known names and icons. The malware uses a dropper application to download and install itself, immediately trying to enable accessibility services that it persistently requests with fake pop-ups until the victim agrees.

- Advertisement -

Stealing Sensitive Data

The android banking malware takes advantage of the accessibility services API to perform its malicious tasks, including disabling Google Play Protect, intercepting SMS messages, preventing uninstallation, and delivering fake advertisements via push notifications. PixPirate steals banking passwords by using one of its JavaScript modules and Android accessibility features. It is able to distinguish the various UI elements of the bank’s activity and the password element displayed on the screen through Accessibility Services and takes the user’s password if it notices any changes to the password input text.


The PixPirate malware is a serious threat to the millions of users of the Pix platform, and it is essential for users to be aware of this threat and take the necessary precautions to protect themselves. Cybersecurity researchers are closely monitoring the situation, but it is recommended that users regularly update their device software, be cautious of downloading unknown applications, and frequently change their passwords to avoid falling victim to this dangerous malware.

 | Website

Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.

Exit mobile version