Andromeda: The latest Brazilian DTO malware

Brazil has been the target of multiple threat actors groups for years, including in the world of mobile banking. In addition to the ongoing activity from threat actors focused on the country's traditional banking ecosystem, increased targeting of more modern financial services technologies has also been observed. This includes the instant payment system developed by the Brazilian Central Bank, known as the Pix Payment System.

In the past, ThreatFabric has discussed several malware families targeting this region and the Pix system in our blog posts about BrasDex and AmexTroll. These malware families offer criminals the ability to perform Device Take Over (DTO), and, in the case of BrasDex, even full Automated Transfer System (ATS) attacks.

Over the course of this year, there have been a multitude of other malware families active in the region (like GoatRAT, PixPIrate, etc.), due in part to the availability of already functional malicious code, as well as developmentframeworks that bridge the knowledge gap required to develop malware.

Please use the form to request the full report.