{"id":3803,"date":"2021-11-19T17:30:35","date_gmt":"2021-11-19T12:00:35","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3803"},"modified":"2021-11-19T17:30:39","modified_gmt":"2021-11-19T12:00:39","slug":"android-malware-brazking-returns-as-crafty-banking-trojan","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/","title":{"rendered":"Android Malware BrazKing Returns as Crafty Banking Trojan"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">The BrazKing Android banking Trojan has returned with dynamic banking overlays and a new implementation trick that allows it to execute without requesting the risky permissions. A new malware sample was examined by IBM Trusteer investigators discovered it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages,<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">These HTTPS sites alert the eventual victim that they are utilizing an outdated Android version and offer an APK that will supposedly update them to the latest version.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image1.jpg\" alt=\"Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image1\" class=\"wp-image-3805\" width=\"403\" height=\"346\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image1.jpg 471w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image1-300x257.jpg 300w\" sizes=\"(max-width: 403px) 100vw, 403px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Only Asking for a Single Permission<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">If the user approves \u201cdownloads from unknown sources,\u201d the malware is dropped on the device and requests access to the \u201cAccessibility Service\u201d.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">This permission is harmed to capture screenshots and keystrokes without requesting and additional permissions that would risk the increasing suspicion. More specifically, the accessibility service is utilized by BrazKing for the following malicious activity:<\/p><\/p>\n\n\n\n<ul><li>Dissect the screen programmatically instead of taking screenshots in picture format. This can be done programmatically but on a non-rooted device that would require the explicit approval of the user.<\/li><li>Keylogger capabilities by reading the views on the screen.<\/li><li>RAT capabilities\u2014BrazKing can manipulate the target banking application by tapping buttons or keying text in.<\/li><li>Read SMS without the \u2018android.permission.READ_SMS\u2019 permission by reading text messages that appear on the screen. This can give actors access to 2FA codes.<\/li><li>Read contact lists without \u2018android.permission.READ_CONTACTS\u2019 permission by reading the contacts on the \u201cContacts\u201d screen<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">Initiating on Android 11, Google has divided the list of installed applications as sensitive information, so any malware that trials to fetch it is flagged by Play Protect as malicious. This is a new problem for all the banking overlaying Trojans that required determining which bank applications are installed on the infected device to serve matching login screens.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">BrazKing no longer utilizes the \u2018getinstalledpackages\u2019 API request as it utilized to but instead uses the screen dissection feature to view what applications are installed on the affected device. When it comes to overlaying, BrazKing now does it without the &#8216;System_Alert_Window&#8217; permission, so it can&#8217;t overlay a fake screen on top of the original app as other trojans do.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Instead, it loads the fake screen as an URL from the attacker&#8217;s server in a web view window, added from within the accessibility service. This covers the app and all its windows but doesn&#8217;t force an exit from it.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2-1024x256.png\" alt=\"Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2\" class=\"wp-image-3806\" width=\"736\" height=\"184\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2-1024x256.png 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2-300x75.png 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2-768x192.png 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image2.png 1387w\" sizes=\"(max-width: 736px) 100vw, 736px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">When detecting the login to an online bank, instead of displaying built-in overlays, the malware will now connect to the command and control server to receive the correct login overlay to display.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">This dynamic overlay system makes it easier for the threat actors to steal credentials for a broader range of banks. Serving the overlays from the attacker&#8217;s servers also allows them to update the login screens as necessary to coincide with changes on the legitimate banking apps or sites or add support for new banks.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Obfuscation and resistance to deletion<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">The new version of BrazKing protects internal resources by applying an XOR operation using a hardcoded key and then also encodes them with Base64. Analysts can quickly reverse these steps, but they still help the malware go unnoticed when nested in the victim&#8217;s device.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3-1024x217.png\" alt=\"Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3\" class=\"wp-image-3807\" width=\"637\" height=\"135\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3-1024x217.png 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3-300x64.png 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3-768x163.png 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-image3.png 1254w\" sizes=\"(max-width: 637px) 100vw, 637px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">If the user attempts to delete the malware, it quickly taps on the &#8216;Back&#8217; or &#8216;Home&#8217; buttons to prevent the action. The same trick is used when the user tries to open an antivirus app, hoping to scan and remove the malware within the security tool.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">BrazKing&#8217;s evolution shows that malware authors quickly adapt to deliver stealthier versions of their tools as Android&#8217;s security tightens up. The ability to snatch 2FA codes, credentials, and take screenshots without hoarding permissions makes the Trojan a lot more potent than it used to be, so be very careful with APK downloads outside the Play Store.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">According to the IBM report, BrazKing appears to be operated by local threat groups, as it is circulating on Portuguese-speaking websites.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The BrazKing Android banking Trojan has returned with dynamic banking overlays and a new implementation trick that allows it to execute without requesting the risky permissions. A new malware sample was examined by IBM Trusteer investigators discovered it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages, These HTTPS [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3808,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The BrazKing Android banking Trojan has returned with dynamic banking overlays and a new implementation trick that allows it to execute without requesting the risky permissions. A new malware sample was examined by IBM Trusteer investigators discovered it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages, These HTTPS [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-19T12:00:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-19T12:00:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Android Malware BrazKing Returns as Crafty Banking Trojan\",\"datePublished\":\"2021-11-19T12:00:35+00:00\",\"dateModified\":\"2021-11-19T12:00:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\"},\"wordCount\":664,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\",\"url\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\",\"name\":\"Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-11-19T12:00:35+00:00\",\"dateModified\":\"2021-11-19T12:00:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android Malware BrazKing Returns as Crafty Banking Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/","og_locale":"en_US","og_type":"article","og_title":"Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited","og_description":"The BrazKing Android banking Trojan has returned with dynamic banking overlays and a new implementation trick that allows it to execute without requesting the risky permissions. A new malware sample was examined by IBM Trusteer investigators discovered it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages, These HTTPS [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-11-19T12:00:35+00:00","article_modified_time":"2021-11-19T12:00:39+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Android-Malware-BrazKing-Returns-as-Crafty-Banking-Trojan-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Android Malware BrazKing Returns as Crafty Banking Trojan","datePublished":"2021-11-19T12:00:35+00:00","dateModified":"2021-11-19T12:00:39+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/"},"wordCount":664,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/","url":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/","name":"Android Malware BrazKing Returns as Crafty Banking Trojan - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-11-19T12:00:35+00:00","dateModified":"2021-11-19T12:00:39+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/android-malware-brazking-returns-as-crafty-banking-trojan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Android Malware BrazKing Returns as Crafty Banking Trojan"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3803"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3803"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3803\/revisions"}],"predecessor-version":[{"id":3809,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3803\/revisions\/3809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3808"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}