Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:22:56 UTC
Home > List all groups > List all tools > List all groups using tool PixPirate
 Tool: PixPirate
Names PixPirate
Category Malware
Type Banking trojan, Credential stealer
Description
(Cleafy) PixPirate belongs to the newest generation of Android banking trojan, as it can
perform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a
malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian
banks.
PixPirate appears to have the following features, primarily achieved by abusing Accessibility
Services, such as:
- Ability to intercept valid banking credentials and perform ATS attacks on multiple Brazilian
banks via Pix payments
- Ability to intercept/delete SMS messages
- Preventing uninstall
- Malvertising
Information
Malpedia Last change to this tool card: 14 March 2024
Download this tool card in JSON format
All groups using tool PixPirate
Changed Name Country Observed
Unknown groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e
Page 1 of 2

_[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e
Page 2 of 2