Unnamed malicious actors are going to great lengths to scam Brazilian consumers out of their hard-earned money.
According to cybersecurity researchers from Cyble, cybercriminals have created a fake Google Play Store page, which is being used to target the millions of customers of the Itau Unibanco bank with a malicious mobile banking app.
It’s not clear how exactly the targets are led towards the fake Play Store page, but it’s safe to assume a phishing campaign is live. In any case, once the victim is lured to the fake page (which looks almost identical to the legitimate Play Store) clicking the Download button actually prompts for the download of an APK.
This is the first major red flag, experts suggest, given that the Play Store installs the apps through the store interface and never offers the user the chance to download the actual APK.
If the fake app is downloaded and run, it will try to open the actual Itau Unibanco app from the legitimate store, and use it to clear out the victim’s accounts. The app doesn’t even need any major permissions during installation, making it hard for antivirus and anti-malware tools to detect it.
What it lacks in permissions, it makes up through the Accessibility Service, researchers further explained, which gives the trojan all it needs to bypass Android security protections. The malicious app will ask for permissions to perform gestures, retrieve window content and observe user action.
The fake website has since been taken down, but it is possible a new one might have popped up in the meantime.
To avoid falling victim to a similar scam, users are advised never to download content from unfamiliar sources, watch out for red flags that might betray a scam (strange URLs, spelling mistakes etc.), keep their security solutions up to date, and use strong passwords and 2FA.