How to Protect Android Apps Against PixPirate Malware

Last updated October 5, 2024 by Alan Bavosa

Learn how to detect and protect against PixPirate Android malware in Android apps in mobile CI/CD using Appdome’s no-code unified mobile app defense platform.

What is PixPirate?

PixPirate is a sophisticated Android banking Trojan that targets users in Brazil and employs advanced techniques to evade detection. It exploits Android’s Accessibility Services to perform unauthorized fund transfers via the PIX instant payment platform. It can also steal online banking credentials and credit card information, capture keystrokes, and intercept SMS messages containing two-factor authentication codes.

Typically distributed via SMS and WhatsApp, PixPirate involves a dropper app (downloader) that installs and runs the main payload (droppee). The downloader not only installs the droppee but also communicates with it to execute fraudulent activities. To evade detection, PixPirate hides its icon from the home screen, uses encryption and obfuscation to conceal its activities, and maintains persistence through system receivers activated by various events, ensuring it continues to operate even if the downloader is removed.
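An app-side heuristic for the traits described above (an enabled Accessibility Service, a hidden launcher icon, distribution via SMS and WhatsApp), shown as an added example that is not Appdome's implementation or code from this article. The names `SuspectService`, `findSuspectAccessibilityServices`, `installerOf` and `TRUSTED_INSTALLERS` are hypothetical, and the code assumes the app's manifest grants visibility of other packages.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Build
import android.view.accessibility.AccessibilityManager

// Hypothetical result type: one enabled accessibility service and why it was flagged.
data class SuspectService(val packageName: String, val reasons: List<String>)

// Assumption: install sources this app treats as trusted; adjust per distribution channel.
val TRUSTED_INSTALLERS = setOf("com.android.vending")

// Returns enabled accessibility services that have no launcher entry (hidden icon)
// and/or were not installed by a trusted store.
// Assumption: the manifest declares package visibility (<queries>) so lookups
// for other packages are not filtered on Android 11+.
fun findSuspectAccessibilityServices(context: Context): List<SuspectService> {
    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    val pm = context.packageManager
    return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .mapNotNull { info ->
            val svc = info.resolveInfo?.serviceInfo ?: return@mapNotNull null
            // Preinstalled system services (e.g. a bundled screen reader) have no store installer.
            if ((svc.applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM) != 0) return@mapNotNull null
            val reasons = buildList {
                if (pm.getLaunchIntentForPackage(svc.packageName) == null) add("no launcher icon")
                val installer = installerOf(pm, svc.packageName)
                if (installer == null || installer !in TRUSTED_INSTALLERS) {
                    add("installer=${installer ?: "unknown"}")
                }
            }
            if (reasons.isEmpty()) null else SuspectService(svc.packageName, reasons)
        }
}

// Installer lookup across API levels; null means unknown or not visible to this app.
@Suppress("DEPRECATION")
private fun installerOf(pm: PackageManager, pkg: String): String? = try {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        pm.getInstallSourceInfo(pkg).installingPackageName
    } else {
        pm.getInstallerPackageName(pkg)
    }
} catch (e: PackageManager.NameNotFoundException) {
    null
} catch (e: IllegalArgumentException) {
    null
}
```

A hit is a signal for risk scoring rather than proof of PixPirate, since legitimate accessibility tools installed from other sources are flagged as well.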

How Does Appdome Protect Against PixPirate?

Taking all the above into consideration, you can use Appdome to protect against PixPirate using a combination of the following protection methods:

  • RASP – Prevents PixPirate from injecting itself into installed apps and repackaging them. Also includes anti-tampering, anti-debugging, anti-emulator, and other protections against dynamic attacks at runtime.
  • Code Obfuscation – Protects against decompiling and malicious reverse engineering.
  • Root Detection – Prevents the app from running on rooted Android devices. Rooting exposes apps to tampering, data theft, and malware by giving attackers elevated access to system files and app data.
  • MitM Attack Prevention – Prevents PixPirate from intercepting or hijacking sessions to steal data.
  • Keylogging Prevention – Prevents the use of malicious keyloggers that may be used to intercept two-factor authentication codes or harvest sensitive information.
  • Prevent Accessibility Services Malware – Detects and prevents malicious actions against mobile apps and users undertaken by malware and malware families that abuse Android AccessibilityService in mobile apps.
  • Google Play Store Signature Validation – Protects against fake apps, clones, and masquerading.
  • Prevent ATS Malware – Detects active transaction hijacking attempts, blocks the attempt, and provides a notification to the end user.

Each of the protections above is linked to the relevant knowledge base article for that feature, which provides detailed information about the feature and explains how to implement the protection in your Android app.

Prerequisites

To use Appdome to protect Android apps against PixPirate, you’ll need the following:

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Alan Bavosa

Alan is a product specialist at Appdome who loves helping mobile developers use a unified defense automation platform to protect Android & iOS apps in seconds.
