
New Malware Discovered With Brazil’s Itaú Unibanco Bank App

Researchers find a new Android malware targeting the customers of Brazilian bank Itaú Unibanco with a fake application.


Using counterfeit apps to trick users and deploy malware on targeted devices is a common attack vector for malware authors. Security researchers at Cyble recently uncovered a malicious Android application targeting the popular Brazilian banking company Itaú Unibanco. The fake Android app reportedly used an icon and name similar to those of the Itaú Unibanco app to trick users into downloading it, thinking it was legitimate. The researchers found that the threat actor created a fake Google Play Store page and hosted the malware, sincronizador.apk, which targets Itaú Unibanco customers. The app allegedly has over 1,895,897 downloads.

In addition to the malware infection itself, the attackers could also harm users through various cybercriminal activities such as identity theft, fraudulent financial transactions, etc.

Malicious App details:

  • App Name: _lTAU_SINC/sincronizador
  • Package Name: com.app.pacotesinkinstall
  • SHA256 Hash: 3500c50910c94c7f9bc7b39a7b194bac6137cef586281ee22f5439bb2d140480

Infection Chain

Once the user installs the fake application, the website automatically downloads a malicious application, sincronizador.apk, from the URL: hxxps://acesso.sincronizadorltoken[.]com/playstore_downloadS34/sincronizador.apk. Whenever the user opens the application, it prompts the user to enable the AccessibilityService and grant permissions to perform other actions, such as Observe actions, Retrieve window content, and Perform gestures.
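A triage sketch for a device app inventory, added here as an example and not taken from Cyble's report: it matches the package name and hash listed above, flags labels that spell "Itau" only through look-alike characters (the listed app name starts with a lowercase L where the brand has an I), and flags accessibility services in apps that were not installed by Google Play. The record fields, the confusable-character map and the inventory rows are assumptions constructed for the example.

```python
import unicodedata

# Indicators listed in the article above.
IOC_PACKAGE = "com.app.pacotesinkinstall"
IOC_SHA256 = "3500c50910c94c7f9bc7b39a7b194bac6137cef586281ee22f5439bb2d140480"
PLAY_INSTALLER = "com.android.vending"  # installer package name of Google Play
BRAND = "itau"
# Assumed, non-exhaustive map of characters used to imitate other letters.
CONFUSABLES = str.maketrans("l1|0", "iiio")

def plain(text):
    """Lower-case and strip accents, so 'Itaú' compares equal to 'itau'."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def lookalike(label, brand=BRAND):
    """True when the brand appears only after undoing confusable characters."""
    folded = plain(label)
    return brand not in folded and brand in folded.translate(CONFUSABLES)

def triage(app):
    """Return the reasons an inventory record deserves review (empty if none)."""
    reasons = []
    if app["sha256"].lower() == IOC_SHA256:
        reasons.append("ioc-hash")
    if app["package"] == IOC_PACKAGE:
        reasons.append("ioc-package")
    if lookalike(app["label"]):
        reasons.append("lookalike-name")
    # Accessibility service declared by an app that did not come from Google Play.
    if app["accessibility_service"] and app["installer"] != PLAY_INSTALLER:
        reasons.append("sideloaded-accessibility")
    return reasons

def flagged(inventory):
    """Map package name to reasons for every record with at least one hit."""
    return {a["package"]: r for a in inventory if (r := triage(a))}

# Constructed rows (hypothetical MDM export; field names and packages are assumptions).
INVENTORY = [
    {"label": "_lTAU_SINC", "package": IOC_PACKAGE, "sha256": IOC_SHA256,
     "installer": None, "accessibility_service": True},
    {"label": "Itaú Unibanco", "package": "com.example.bank", "sha256": "0" * 64,
     "installer": PLAY_INSTALLER, "accessibility_service": False},
    {"label": "Screen Reader", "package": "com.example.reader", "sha256": "1" * 64,
     "installer": PLAY_INSTALLER, "accessibility_service": True},
    {"label": "Helper", "package": "com.example.helper", "sha256": "2" * 64,
     "installer": None, "accessibility_service": True},
]

if __name__ == "__main__":
    for package, reasons in flagged(INVENTORY).items():
        print(package, ", ".join(reasons))
```

The last rule fires on any sideloaded app with an accessibility service, so it is a review prompt rather than a verdict; the hash and package matches are the only rows tied to this campaign.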


“Threat Actors constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them. Users should install applications only after verifying their authenticity and install them exclusively from the official Google Play Store and other trusted portals to avoid such attacks,” the researchers said.

Mitigation

The researchers also recommended security measures to prevent malware infections from fake mobile applications. These are:

  • Download and install software only from official app stores like Google Play Store or the iOS App Store.
  • Use a reputable anti-virus and internet security software package on your connected devices, such as PCs, laptops, and mobile devices.
  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device where possible.
  • Be wary of opening any links received via SMS or emails delivered to your phone.
  • Ensure that Google Play Protect is enabled on Android devices.
  • Be careful while enabling any permissions.
  • Keep your devices, operating systems, and applications updated.

How to Spot Fake Apps

Even with multiple security checks and scans in place, several counterfeit and malicious apps remain undetected and make their way to the Play Store. Here are a few security tips to spot fake and malicious mobile applications:

  • Check for Discrepancies in the App Icon.
  • Observe App and its Developer’s Name.
  • Watch the Download Count.
  • Screenshots and Reviews.
  • App Publish/Update Date and Permissions.
