If you have an Android phone in your pocket then it’s well worth checking the Settings menu and making sure Google’s in-built security protection is switched on. That’s the latest warning issued to users after the discovery of a vicious new threat – names PixPirate – that uses a worrying technique to secretly watch phones and steal sensitive data including bank account details.
Once this scary PixPirate malware is installed it can even remotely view every swipe on the display, all applications launched during the day and what’s being punched in on the keyboard.
The team at IBM Trusteer, who first spotted the cyber bug, say this threat is constantly mutating making it harder to control and block from attacking devices.
One of its key aims is to steal bank account credentials and, to improve its success rate, it’s even come up with a way of manipulating two-factor authentication text messages sent by financial institutions.
These unique codes are often used to make sure the person accessing an account is the owner and not a scammer but the bug is able to edit and delete the victim’s SMS messages.
“PixPirate abuses the accessibility service to gain RAT capabilities, monitor the victim’s activities and steal the victim’s online banking credentials, credit card details and login information of all targeted accounts,” explained IBM Trusteer. “If two-factor authentication (2FA) is needed to complete the fraudulent transaction, the malware can also access, edit and delete the victim’s SMS messages, including any messages the bank sends.”
So how do you avoid becoming the next victim?
It seems that most of the attacks to have taken place are in Brazil with users infected via fake dodgy text messages and fake WhatsApp chats. These are sent to devices with a link included which then contains the PixPirate bug.
Luckily, it’s been confirmed that no apps on Google’s Play Store have so far been infected. However, that doesn’t mean UK Android users should let their guard down as these things can spread at speed.
Google says as long as users have Play Protect initiated on their device they should be safe. “Based on our current detections, no apps containing this malware are found on Google Play,” Google said in a statement sent to Bleeping Computer.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.
“Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play. “
How to turn Google Play Protect on or off
Important: Google Play Protect is on by default, but you can turn it off. For security, we recommend that you always keep Google Play Protect on.
• Open the Google Play Store app Google Play.
• At the top right, tap the profile icon.
• Tap Play Protect and then Settings Settings.
• Turn Scan apps with Play Protect on or off.