Android banking virus spreads using fake Google Play Store website


An Android banking virus targeting Itaú Unibanco, a major Brazilian financial services company with 55 million customers worldwide, used a unique approach to spread to devices. To trick users into believing that they are installing the program from a trustworthy site, the actors created a page that closely resembles Android’s official Google Play app store. The Trojan masquerades as Itaú Unibanco’s official banking software and uses the same icon as the original version.

If successful, it uses the real application to perform fraudulent transactions by modifying user input fields. The application does not ask for any dangerous permissions during installation, which avoids raising suspicion or risking detection by antivirus (AV) tools. Instead, it aims to take advantage of the Accessibility Service, which is all that mobile malware needs to bypass all security on Android systems. As a recent report from Security Research Labs explains, we are currently facing a pandemic of accessibility abuse by Android malware, and Google has yet to close the targeted weak spot.

If the user clicks the “Install” button, they are offered an APK to download, which is the first sign of the scam. Google Play Store apps are installed through the store interface and never require the user to download and install programs manually. Cyble researchers analyzed the malware and found that when executed, it attempted to open the real Itaú app from the Play Store.

As such, only the user has the ability to spot the signs of abuse and stop the malware before it has a chance to perform destructive actions on the device. These signs come in the form of an application requesting permission to perform gestures, retrieve window content, and observe user actions. The websites used to distribute the malicious APKs have been flagged and taken offline for the time being, but actors may return via different domains.

Use real banking apps. If you want to enjoy the convenience of mobile online banking, be sure to install the app from the bank’s official website or Google Play Store.

Also, apply updates on the app as soon as they are available and use an AV tool from a reputable vendor. To ensure maximum account security, use a strong password and enable multi-factor authentication on the app. If you need to install APKs from outside the store, carefully review their permission requests during and after installation. Finally, regularly check and make sure that Google Play Protect is enabled on your Android device.
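The three signs named above correspond to attributes an app declares for its accessibility service, which is why reviewing ordinary permission requests alone can miss them. The following Python script is an added example, not code from the original article or from the Cyble analysis; the package name, service name and both XML samples are constructed, and treating any `accessibilityEventTypes` value as "observe user actions" is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded manifest of a hypothetical app with no <uses-permission>.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/helper_config"/>
    </service>
  </application>
</manifest>"""

# Constructed sample: the service config the manifest's meta-data points to.
CONFIG = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeAllMask"
    android:canRetrieveWindowContent="true"
    android:canPerformGestures="true"/>"""

def requested_permissions(manifest_xml):
    """Permissions the app requests; empty for the sample above."""
    root = ET.fromstring(manifest_xml)
    return [p.get(ANDROID + "name") for p in root.iter("uses-permission")]

def accessibility_services(manifest_xml):
    """Names of services that only the accessibility framework may bind."""
    root = ET.fromstring(manifest_xml)
    return [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == BIND]

def warning_signs(config_xml):
    """Map config attributes to the three signs the article names."""
    cfg = ET.fromstring(config_xml)
    signs = []
    if cfg.get(ANDROID + "canPerformGestures") == "true":
        signs.append("perform gestures")
    if cfg.get(ANDROID + "canRetrieveWindowContent") == "true":
        signs.append("retrieve window content")
    if cfg.get(ANDROID + "accessibilityEventTypes"):  # assumed mapping
        signs.append("observe user actions")
    return signs

if __name__ == "__main__":
    print(requested_permissions(MANIFEST), accessibility_services(MANIFEST),
          warning_signs(CONFIG))
```

An app that requests no permissions yet declares an accessibility service with all three capabilities matches the pattern the article describes.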
