Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users.

What is BrasDex?

BraDex is a banking malware targeting Android operating systems. This malicious program aims to gain access to victims’ bank accounts and make fraudulent transactions.

Research done by Threatfabric uncovered evidence that the cyber criminals behind BrasDex campaigns are also using the Casbaneiro trojan to infect Windows operating systems.

What does BrasDex do ?

BrasDex makes unauthorized transactions, i.e., moves through windows, enters the recipients’ data, etc. – automatically. The malware employs the Pix payment system for the transactions, as it allows them to be made only with the recipient’s identifier, such as their email, phone number, random ID, etc. The transactions themselves raise no suspicion as they are performed using a legitimate service and straight from a user’s account.

ThreatFabric’s investigation into BrasDex also allowed it to gain access to the C2 panel used by the criminal operators to keep track of the infected devices and retrieve data logs exfiltrated from the Android phones.

The C2 panel, as it happens, is also being utilized to keep tabs on a different malware campaign which compromises Windows machines to deploy Casbaneiro, a Delphi-based financial trojan

Casbaneiro’s features run the typical backdoor to steal sensitive, confidential information that can be misused to generate revenue in various ways.

Recommendation

If users suspect that your device is infected with BrasDex (or other malware) – immediately use an anti-virus program to eliminate it.

Symptoms

BrasDex Samples:

brasdex[.]com

Sha 256