users Itaú Unibanco app for Android is a goal banking trojan It can carry out fraudulent transactions and steal funds stored in the victim’s account. The malicious agent was discovered by the digital security company Cyble, according to a statement released last Thursday (23).
According to the company’s experts, Malware The intent uses fake messages to trick bank customers into downloading a sync tool, which is supposed to be necessary to make transactions in the bank’s app. After downloading in a file Fake Google Play Store version, no machine is installed in virtual Prague.
Then the Trojan horse asks for permission to use the file android access services And from there the work begins silently. With the concessions offered, he tries to open the real Itaú app and impersonate the victim, being able to perform operations on the platform as if he were the account holder himself.
Fake Play Store page used in malicious campaign.source: Cyble / Play
Also according to the researchers, the malicious app does not ask for any advanced permissions, avoiding raising suspicion, and has an icon identical to the real version. The fake download page that the victim is directed to looks a lot like the official Android app store, which makes the bait more effective.
How is the scam based on a phishing campaign, the main advice is Beware of presumed sent messages By the bank via SMS or email and not clicking on the links in them. Also, avoid Download apps outside the Play Storeas much as they can Hide different dangers.
It is also necessary. Update apps Installed on the cell phone and The operating systemGet the latest security fixes that eliminate different types of vulnerabilities.
The fake Play Store used in this campaign is currently down, according to Cyble, but those responsible for the scam can appeal it using different domains.
“Incurable thinker. Food aficionado. Subtly charming alcohol scholar. Pop culture advocate.”