Learn about the new Pix scam. Be careful! It can be carried out via cell phone.
According to cybersecurity company Kaspersky, a new virus for cell phones capable of transferring money via Pix emerged after a phantom scam in Brazil. The technique developed by Brazilian criminals was discovered in December and, although it only occurs in our country, it is already the second most registered scam in all of Latin America.
According to a survey carried out at the request of Folha de S.Paulo, the malware generated 1,385 victims of scams in 2023. In Latin American countries, the Banbra family virus, used by ghosts to remotely access smartphones, affects the largest number, with 2,039 cases.
Pix scams
This type of scam allows criminals to switch recipients and transfer money to themselves. Malicious programs (malware) perform steps before asking for your password. Some signs include screen flickering and slow loading times. Scammers can steal up to 95% of your account balance in a single scam. Hackers (those who focus on electronic criminal activity) use fake notifications and apps to infect phones.
For example, in one of the episodes, the scam starts with a notification about a WhatsApp update, leading to a simulation of the messaging app. All users who downloaded the WhatsApp v2.5 update were affected. Following Kaspersky's announcement, the app was removed from Google Play. Fabio Marenghi, a senior security analyst at the company, said that they are in constant communication with the organization responsible for the Android operating system.
The way criminals operate was presented at the Kaspersky Latin American Cybersecurity Conference, held in Costa Rica. In a statement, Google said that security in its app store is a priority. “Our users are protected with Google Play Protect, which identifies and alerts users about risky activity in their apps and Android devices.” It is worth remembering that viruses also exist on Apple devices, such as iPhones, but are less common.
Avoid scams
This malware model benefits cybercriminals by allowing them to operate on a large scale. Unlike scams that require direct intervention from scammers, Pix redirects are performed automatically by the software itself.
To avoid scams, first be wary of messages asking for “access to accessibility options.” This applies to requests from browsers and apps. These permissions provide broad access to the smartphone’s features and are only required for users who need help using the device to use select apps. Be careful, after doing its trick, the malware removes itself, erasing any traces.
Cybercriminals prefer Pix because of its speed. Since this technology makes payments instantaneous, it is easier to disperse the money between multiple accounts. This type of scam makes it very difficult to track the funds, according to the director of Kaspersky's Global Research and Analysis Team, Fabio Assolini.
Researchers from cybersecurity companies have been monitoring the Pix diversion tactic since the end of 2022. The first malware known to the public was Brasdex. In the early 2010s, the main problem was ATS, an automated payment routing strategy via computer. This situation was replaced by remote access fraud, as banks implemented effective security programs to prevent it. As for smartphones, this barrier is still under development.
