Security News > 2021 > December > New Android Malware Targeting Brazil's Itaú Unibanco Bank Customers
Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge.
"The has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name 'sincronizador.apk.'".
In March, Meta disclosed details of an attack campaign that used its platform as part of a broader operation to spy on Uyghur Muslims using rogue third-party websites that used replica domains for popular news portals and websites designed to resemble third-party Android app stores, where attackers put fake keyboard, prayer, and dictionary apps that might appeal to the targets.
In the latest instance observed by Cyble, the fake URL not only impersonates the official Android app marketplace, but also hosts the malware-laced Itaú Unibanco application, in addition to claiming that the app has had 1,895,897 downloads.
Users who install and launch the imposter app from the supposed Google Play Store page are subsequently prompted to enable accessibility services as well as other intrusive permissions that allow the malware to access notifications, retrieve window content, and perform tap and swipe gestures.
The goal of the trojan, per the researchers, is to perform fraudulent financial transactions on the legitimate Itaú Unibanco application by tampering with the user's input fields, joining a long list of banking malware that abuse the accessibility API. Google, for its part, has begun imposing new limitations to restrict the use of such permissions that allow apps to capture sensitive information from Android devices.
News URL
https://thehackernews.com/2021/12/new-android-malware-targeting-brazils_27.html
Related news
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (source)