An apparently common application can hide the PixRevolution virus on an Android phone, which remains invisible until it identifies a financial transaction and, at that moment, takes control of the Pix transfer to modify the data and divert funds.

New financial malware acts during operations and expands digital security alert among Pix users in the country

Initially, a new type of banking virus targeting Android phones has begun to worry digital security specialists in Brazil.

Currently, the malware, identified as PixRevolution, focuses on users of the Pix system, created by the Central Bank of Brazil.

Furthermore, the attack occurs silently and, at the same time, during the transaction itself.

Thus, values can be diverted in seconds, while the user is still making the transfer, which increases the risk.

Consequently, the scenario is already considered critical.

Between July 2024 and June 2025, approximately 24 million Brazilians suffered financial scams involving Pix or payment slips.

In this context, the loss reached approximately R$ 29 billion, according to data from the Brazilian Public Security Forum.

At the same time, projections indicate that, by 2028, Pix frauds could exceed R$ 12 billion, which reinforces the scale of the problem.

Technical investigation reveals direct action on the device

Firstly, specialists point out that PixRevolution integrates a new generation of financial trojans.

In this sense, the malware acts directly on the victim’s device.

Furthermore, it uses Android accessibility permissions.

Thus, the system begins to monitor everything that appears on the screen, including passwords, codes, and banking data.

Meanwhile, during a transfer, the attack occurs in real-time.

That is, the virus interferes at the moment of operation confirmation.

Consequently, information can be altered and, thus, the value is redirected to criminal accounts, without the user noticing.

Furthermore, the malware also performs automatic actions within banking applications.

For example:

• Automatic field filling
• Authorization of financial operations
• Notification interception

Therefore, device control can be discreetly compromised.

Infection starts with fake apps

Next, specialists highlight that the main form of infection is social engineering.

In this scenario, criminals use fake applications that mimic reliable services.

Thus, the user is induced to install the application without realizing the risk involved.

After that, the virus starts operating silently.

That is, it is activated only when it identifies sensitive activities on the device.

For example, the malware springs into action upon detecting access to financial applications or the initiation of a Pix transaction.

Recommended for you

Economy

Father sends R$ 1,500 per month via Pix to help his daughter with rent and ends up causing a problem with the Federal Revenue after the amounts are interpreted as undeclared donations on the income tax.

Monthly transfers via Pix can be classified as donations and generate tax collection when not declared correctly A common situation among Brazilian families, however, began to attract the attention of the…

Caio Aviz

0

Warning signs indicate possible compromise

On the other hand, even with the sophistication of the attack, some signs may indicate that the phone has been compromised.

Among them, the following stand out:

• Unusual device slowness
• Unknown applications installed
• Excessive permission requests
• Unrecognized financial transactions

Thus, user attention becomes essential to avoid losses.

Basic measures help reduce risks

Given this scenario, specialists recommend simple digital security practices.

Among them:

• Download apps only from official stores
• Avoid accessing suspicious links
• Review permissions granted to apps
• Keep the operating system updated
• Double-check during Pix transfers

Finally, considering that over 76% of the Brazilian population uses Pix, the growth of this type of attack reinforces the need for constant care in the digital environment, especially given the speed of transactions and the difficulty of reversing values.

Sign up

Connect with

Access

I allow you to create an account.

When you first accessed our site using a Social Access button, we collected your public profile information shared by the Social Access provider, based on your privacy settings. We also obtained your email address to automatically create an account for you on our website. Once your account is created, you will be logged into that account.

I disagreeI agree

Notify of

new follow-up comments new responses to my comments

Label

Name*

E-mail*

Save my data for the next time I comment.

Save my name, email, and website in this browser's cookies for the next time I comment.

ONESIGNAL ID

ONESIGNAL ID

I allow you to create an account.

When you first accessed our site using a Social Access button, we collected your public profile information shared by the Social Access provider, based on your privacy settings. We also obtained your email address to automatically create an account for you on our website. Once your account is created, you will be logged into that account.

I disagreeI agree

Label

Name*

E-mail*

Save my data for the next time I comment.

Save my name, email, and website in this browser's cookies for the next time I comment.

ONESIGNAL ID

ONESIGNAL ID

0 Comments

most recent

older Most voted