Security News > 2021 > December > Android banking trojan spreads via fake Google Play Store page

The actors have set up a page that looks very close to Android's official Google Play app store to trick visitors into thinking they are installing the app from a trustworthy service.
The malware pretends to be the official banking app for Itaú Unibanco and features the same icon as the legitimate app.
Google Play Store apps are installed through the store interface, never asking the user to download and install programs manually.
Researchers at Cyble analyzed the malware, finding that upon execution, it attempts to open the real Itaú app from the actual Play Store.
If you want to enjoy the convenience of mobile e-banking, make sure to install the app from the bank's official website or the Google Play Store.
Finally, regularly check and ensure that Google Play Protect is enabled on your Android device.
News URL
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)