Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PixRevolution Android banking trojan hijacking PIX transfers

Malware Activity
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

PixRevolution is a newly identified Android banking trojan that is hijacking Brazil's PIX payments in real time, putting instant transfers at risk of silent fund redirection. The malware waits until a user begins a transfer, then swaps the recipient key before the payment is confirmed. It uses accessibility permissions, live screen streaming, and a fake loading screen to hide the manipulation. The threat matters because PIX settles within seconds and cannot be reversed once completed.

Related Happenings

NGate Android Brazil fake-app and fake-lottery campaign

Campaign
First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...

Open Happening

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
First: 12.03.2026 09:56 Last: 12.03.2026 09:56 Sources 1

How related: Zimperium warned that the campaign spreads through fraudulent download pages designed to resemble the official Google Play store.

About this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...

Open Happening

BeatBanker Android malware activity

Malware Activity
First: 10.03.2026 23:27 Last: 10.03.2026 23:27 Sources 1

About this happening: The **BeatBanker** Android malware is actively **hijacking devices** by posing as a **Starlink app**, creating risk of credential theft, illicit mining, and remote device control....

Open Happening

Google Play Protect and Play Integrity API expand Android anti-abuse controls in 2025

Security Tool/Service
First: 19.02.2026 19:00 Last: 19.02.2026 19:00 Sources 1

About this happening: Google expanded **Play Protect** and **Play Integrity API** anti-abuse controls for Android apps in **2025**, strengthening protection across the app ecosystem. The update matters...

Open Happening

Massiv Android trojan device-takeover and credential-theft activity

Malware Activity
First: 19.02.2026 12:24 Last: 19.02.2026 12:24 Sources 1

About this happening: The **Massiv** Android trojan has been disclosed as a **device-takeover** threat that can steal banking credentials and enable fraudulent transactions. It uses **screen streaming*...

Open Happening

Timeline

  1. 12.03.2026 18:00 2 articles · 2mo ago

    Zimperium identifies PixRevolution Android trojan

    Technical Analysis Update

    Zimperium identified PixRevolution as an Android banking trojan targeting Brazil's PIX transfers by silently monitoring victims' smartphones, replacing recipient keys during payment processing, and using a fake loading screen reading "Aguarde…" to conceal the change. The malware spreads through fraudulent download pages that imitate the official Google Play store, prompts users to enable an accessibility service called "Revolution," and uses an agent-in-the-loop model with live screen streaming and remote operator intervention.

    Show sources
    Open in new tab