PixRevolution: The Agent-Operated Android Trojan Hijacking Brazil’s PIX Payments in Real Time
ID: 2f21c355-fd8a-5721-840e-bab825d2ffef
STIX ID: report--2f21c355-fd8a-5721-840e-bab825d2ffef
Feed Name: Zimperium Blog
PixRevolution is an Android banking trojan campaign targeting Brazil's PIX instant-payment ecosystem. Malicious apps hosted on attacker-controlled fake Play Store pages and droppers request an accessibility service and use Android's MediaProjection API to stream victims' screens in real time to remote operators. The operators then overwrite PIX recipient fields and confirm transfers via input injection and overlays, resulting in irrevocable theft. The report includes technical analysis, MITRE ATT&CK mappings, sample branding details, and IOCs.
