Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-02 10:43:29 UTC
Home > List all groups > List all tools > List all groups using tool PixStealer
 Tool: PixStealer
Names
PixStealer
BrazKing
Category Malware
Type Banking trojan, Info stealer, Credential stealer
Description
(Check Point) The PixStealer malware’s internal name is “Pag Cashback 1.4″. It was
distributed on Google Play as a fake PagBank Cashback service and targeted only the
Brazilian PagBank.
The package name com.pagcashback.beta indicates the application might be in the beta stage.
PixStealer uses a “less is more” technique: as a very small app with minimum permissions and
no connection to a C&C, it has only one function: transfer all of the victim’s funds to an actor-controlled account.
With this approach, the malware cannot update itself by communicating with a C&C, or steal
and upload any information about the victims, but achieves the very important goal: to stay
undetectable.
Information
Malpedia Last change to this tool card: 27 December 2022
Download this tool card in JSON format
All groups using tool PixStealer
Changed Name Country Observed
Unknown groups
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=57ed45f3-db97-4bb6-a5f6-cb83a1f0fc16
Page 1 of 2

_[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=57ed45f3-db97-4bb6-a5f6-cb83a1f0fc16
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=57ed45f3-db97-4bb6-a5f6-cb83a1f0fc16
Page 2 of 2