Banking trojans put internet end users at risk because of their sophistication and obfuscation techniques. They are often capable of evading antivirus and EDR systems, as observed with the relatively new MAXTRILHA banking trojan from Brazil.
BrazKing is one of the most prevalent banking trojans these days, impacting mobile users worldwide. This malware has existed since November 2018. It was developed by Brazilian gangs and mainly targets Brazilian mobile users. This new release brings many new features and seems more capable and agile than before.
As observed with other malware of this line, it avoids the Google Play Store protections: it is not distributed through the official store but sideloaded from the web, which increases the number of infections. In short, when users browse a specific website, often disseminated via social engineering campaigns, they are asked to install a new app in order to apply the new updates. Figure 1 below shows a screenshot of the malicious window in Portuguese.
Figure 1: BrazKing initiates its infection chain with a social engineering message (source).
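Because the app the victim is asked to install arrives through the web browser and is installed by the package manager rather than by a store client, Android's own install metadata is a quick triage signal: the package manager records which app installed each package, and a browser-delivered APK shows `com.android.packageinstaller`, the browser, or `null` as its installer instead of the Play Store (`com.android.vending`). The following script is an added example written for this article, not code from the original post or from the malware analysis. It parses the text of `adb shell pm list packages -3 -i` (third-party packages with their installer) and flags anything not installed by a trusted store client. The sample output embedded in it is constructed; the package names in it are placeholders and the trusted-installer set is an assumption you should extend with your OEM's store.

```python
"""Triage check for sideloaded Android apps (added example, not from the article).

Input is the text of `adb shell pm list packages -3 -i`, whose lines look like:
    package:<name>  installer=<installer package or null>
`-3` restricts the listing to third-party packages, so system apps (which also
report installer=null) do not pollute the result.
"""
import re
from typing import Dict, List, Tuple

# Store clients whose installs we consider trusted. Assumption: extend this
# with the device's OEM store (e.g. Samsung Galaxy Store) before use.
TRUSTED_INSTALLERS = {
    "com.android.vending",  # Google Play Store
}

# One package line: "package:<name>  installer=<installer|null>"
_LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

# Constructed sample output; package names are placeholders, not real IOCs.
SAMPLE_PM_OUTPUT = """\
package:com.example.messenger  installer=com.android.vending
package:com.example.bankapp  installer=com.android.vending
package:com.example.update  installer=com.android.packageinstaller
package:com.example.promo  installer=null
"""


def parse_pm_list(output: str) -> Dict[str, str]:
    """Parse `pm list packages -i` output into an ordered {package: installer} map."""
    result: Dict[str, str] = {}
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue  # skip adb noise or lines that are not package entries
        result[m.group("pkg")] = m.group("inst")
    return result


def find_sideloaded(output: str, trusted=frozenset(TRUSTED_INSTALLERS)) -> List[Tuple[str, str]]:
    """Return (package, installer) pairs whose installer is not a trusted store.

    `installer=null` is treated as untrusted: for a third-party package it means
    the install did not go through any store client (typical of a browser-
    downloaded APK handed to the package installer).
    """
    return [
        (pkg, inst)
        for pkg, inst in parse_pm_list(output).items()
        if inst not in trusted
    ]


if __name__ == "__main__":
    # Stand-alone run on the constructed sample; on a real device feed in
    # `adb shell pm list packages -3 -i` instead.
    for pkg, inst in find_sideloaded(SAMPLE_PM_OUTPUT):
        print(f"sideloaded: {pkg} (installer={inst})")
```

A hit on this check is not proof of compromise (developers sideload their own builds, and some OEM stores are missing from the trusted set), but on an end-user device a recently installed "update" app with a `null` or package-installer origin is exactly the artefact the infection chain above leaves behind, and it is where to start pulling APKs for analysis.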
After clicking the button, the application is downloaded by the mobile web browser and installed on the device by the package manager. Because of this, the option “download of apps from