A new cell phone virus manages to divert users’ money via Pix without leaving a trace, according to cybersecurity company Kaspersky. The fraud was detected in December and is already the second most registered in Latin America, only behind the ghost hand scam virus, which was also pioneered by Brazilian hackers.
The New Method
During a Pix transaction, the virus change the recipient and the value of the transfer that will be made by the user in the step before requesting the password. A few easy-to-mis signs appear: the screen shakes and slow loading times.
By using this tactic, scammers can take up to 95% of the account balance in a single move.
Second Most Common in Latin America
Although restricted to the country, this scam is already the second most registered in all of Latin America. The malicious program accounts for 1,385 scam records in 2023.
How it Works
Hackers invade cell phones via fake notifications and applications, mainly on devices that use the Android operating system. An announcement of a WhatsApp update appears, but it redirects to a simulation of the messaging app, a “fake” version. Anyone who downloads the “Whats App v2.5 Update” program is compromised.
After invading the device, a malicious program gains access to sensitive data in the accessibility options — features that help people with sensory or movement disabilities, such as text reader and automatic click.
Based on this information, the software spies on the user’s routine and triggers the virus when it thinks the user is going to access the bank’s app. After the fraud, the virus is automatically removed, leaving no clear traces of the attack.
How to Prevent
Be suspicious of any notification that asks for “access to accessibility options.” This goes for both browser and application requests.