A new Android banking trojan dubbed PixRevolution is exploiting Brazil’s PIX payment network-a system used by more than 150 million people and processing over three billion monthly transactions.
According to cybersecurity firm Zimperium, the malware surveils victims in real time. When a user initiates a PIX transfer, the trojan alerts a remote operator-either human or AI-who watches the victim’s screen and silently redirects funds to an attacker-controlled account.
Victims see no anomalies; their banking apps function normally and display standard confirmations. Because PIX transactions are instant and irreversible, stolen funds are nearly impossible to recover.
The malware specifically targets major Brazilian financial institutions including Santander Brasil, Banco do Brasil, and Nubank-the latter backed by Berkshire Hathaway with a $500 million investment in 2021.