New Android Malware Targeting Brazil’s Itaú Unibanco Bank Customers


Researchers have discovered a new Android banking malware that targets Brazil’s Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge.

“This application has an identical icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco,” Cyble researchers said in a report published last week. “The [threat actor] has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name ‘sincronizador.apk.’”

The tactic of leveraging fake app store pages as a lure is not new. In March, Meta (previously Facebook) disclosed details of an attack campaign that used its platform as part of a broader operation to spy on Uyghur Muslims using rogue third-party websites that used replica domains for popular news portals and websites designed to resemble third-party Android app stores, where attackers put fake keyboard, prayer, and dictionary apps that might appeal to the targets.

In the latest instance observed by Cyble, the fake URL not only impersonates the official Android app marketplace, but also hosts the malware-laced Itaú Unibanco application, in addition to claiming that the app has had 1,895,897 downloads.

Users who install and launch the imposter app from the supposed Google Play Store page are subsequently prompted to enable accessibility services as well as other intrusive permissions that allow the malware to access notifications, retrieve window content, and perform tap and swipe gestures.

The goal of the trojan, per the researchers, is to perform fraudulent financial transactions on the legitimate Itaú Unibanco application by tampering with the user’s input fields, joining a long list of banking malware that abuse the accessibility API. Google, for its part, has begun enforcing new limitations to restrict the use of such permissions that allow apps to capture sensitive information from Android devices.
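For analysts triaging a sideloaded APK, the capability combination described above (an accessibility service that can read window content and perform gestures, plus notification access) can be checked statically. The following is an added example, not code from Cyble's report; it assumes the manifest and accessibility-service config have already been decoded to plain XML, and the package, service names and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded manifest for a hypothetical package.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <application>
    <service android:name=".SyncService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/sync_config"/>
    </service>
    <service android:name=".Notif"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: the accessibility-service config the manifest points to.
SAMPLE_CONFIG = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:canRetrieveWindowContent="true"
    android:canPerformGestures="true"/>"""

def triage(manifest_xml, config_xml=None):
    """Return which of the capabilities named in the article the app declares."""
    found = set()
    for svc in ET.fromstring(manifest_xml).iter("service"):
        perm = svc.get(ANDROID + "permission", "")
        if perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found.add("accessibility_service")
        elif perm == "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
            found.add("notification_access")
    if config_xml and "accessibility_service" in found:
        cfg = ET.fromstring(config_xml)
        if cfg.get(ANDROID + "canRetrieveWindowContent") == "true":
            found.add("retrieve_window_content")
        if cfg.get(ANDROID + "canPerformGestures") == "true":
            found.add("perform_gestures")
    return found

def is_high_risk(found):
    # Reading the screen plus injecting taps/swipes lets an app drive another app's UI.
    return {"retrieve_window_content", "perform_gestures"} <= found

if __name__ == "__main__":
    caps = triage(SAMPLE_MANIFEST, SAMPLE_CONFIG)
    print(sorted(caps), "high risk:", is_high_risk(caps))
```

Legitimate assistive apps declare the same attributes, so a hit is a reason to look closer at the app's origin and signer, not a verdict.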

This is far from the first time the Sao Paulo-based financial services company has come under the radar of financially-motivated threat groups. Earlier this April, ESET revealed a new banking trojan dubbed Janeleiro that was observed striking corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.

“Threat Actors constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them,” the researchers said.

“Users should install applications only after verifying their authenticity and install them exclusively from the official Google Play Store and other trusted portals to avoid such attacks.”


