Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users


The threat actors behind the Windows banking malware known as Casbaneiro have been linked to a novel Android trojan called BrasDex, which has been observed targeting Brazilian users.

What is BrasDex?

BrasDex is a banking malware targeting Android operating systems. This malicious program aims to gain access to victims’ bank accounts and make fraudulent transactions.

Research by ThreatFabric uncovered evidence that the cybercriminals behind BrasDex campaigns are also using the Casbaneiro trojan to infect Windows operating systems.

What does BrasDex do?

BrasDex makes unauthorized transactions automatically: it moves through windows, enters the recipient’s data, and so on. The malware uses the Pix payment system for the transactions, because Pix allows them to be made with only the recipient’s identifier, such as their email, phone number, random ID, etc. The transactions themselves raise no suspicion, as they are performed using a legitimate service and straight from the user’s account.

ThreatFabric’s investigation into BrasDex also allowed it to gain access to the C2 panel used by the criminal operators to keep track of the infected devices and retrieve data logs exfiltrated from the Android phones.

The C2 panel, as it happens, is also being used to keep tabs on a different malware campaign, which compromises Windows machines to deploy Casbaneiro, a Delphi-based financial trojan.

Casbaneiro has the typical backdoor features for stealing sensitive, confidential information that can be misused to generate revenue in various ways.

Recommendation

If you suspect that your device is infected with BrasDex (or other malware), immediately use an anti-virus program to eliminate it.

Symptoms

The device runs slowly, system settings are modified without the user’s permission, questionable applications appear, data and battery usage increase significantly, browsers redirect to questionable websites, and intrusive advertisements are delivered.

BrasDex Samples:

7747a9912e2605b64430a27e3c5af3556c26b4cb04c7242ca4e2cad5b6b33363
26ea3906cd0c724b0e0adb5b6c00144e59aa89aac18cd608c6e5a22c28c8d644
b549733ed3b77d97c7b2f9f651f22abc4df50899c01612a28ec6809d1a2c0040

brasdex[.]com

SHA-256:

5a3b2128c550829ab357abd7c830506df73893e204a8e2578fc1e61a72de3df5
519d76eb6fea8b1a699c3a543b5f5eafab883ed92f6d207b8fa0189482b72ba1

About the Author:

FirstHackersNews- Identifies Security
