Users of the Itaú Unibanco app for Android are the target of a banking trojan that can carry out fraudulent transactions, stealing funds held in the victim’s account. The malware was discovered by the digital security company Cyble, according to a statement released last Thursday (23).

According to the firm’s experts, the malware uses fake messages to trick the bank’s customers into downloading a synchronizer, which would supposedly be needed to perform transactions in the bank’s app. Once downloaded from a fake version of the Google Play Store, the malware installs itself on the device.

The trojan then asks for permission to use the Android accessibility services and, from there, it starts to work silently. With that permission granted, it tries to open the real Itaú app and impersonates the victim, so it can perform operations on the platform as if it were the account holder.

Fake Play Store page used in the malicious campaign. Source: Cyble/Reproduction

According to the researchers, the malicious app also does not request any advanced permissions, which avoids arousing suspicion, and it has an icon identical to that of the real version. The fake download page the victim is directed to also looks a lot like the official Android app store, making the bait more effective.

Take cover

As the scam is based on a phishing campaign, the main tip is to be suspicious of messages supposedly sent by the bank via SMS or email and not to click on the links they contain. Also, avoid downloading apps from outside the Play Store, as they can hide various risks.

It is also essential to update the apps installed on the phone and the operating system, to get the latest security fixes that eliminate different types of vulnerabilities.

The fake Play Store used in this campaign is currently down, according to Cyble, but those responsible for the scam can resume it using different domains.
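The two traits described above, an app installed from outside the Play Store that holds an accessibility service, can be checked on a device. The following is an added example, not code from Cyble or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists enabled accessibility services whose package was not installed by the Play Store. The sample data and the package name `com.example.sync` are constructed for illustration.

```python
# Added example: inputs are the text output of two Android shell commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_STORE = "com.android.vending"

# Constructed sample output; com.example.sync is a made-up package name.
SAMPLE_SETTINGS = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sync/.SyncService\n"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sync  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_enabled_services(settings_output):
    """Map package -> service classes from the colon-separated setting value."""
    services = {}
    text = settings_output.strip()
    if not text or text == "null":  # setting unset: no service enabled
        return services
    for component in text.split(":"):
        pkg, _, cls = component.strip().partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(pm_output):
    """Map package -> installer package (None when the device reports none)."""
    key, installers = "installer=", {}
    for line in pm_output.splitlines():
        line = line.strip()
        fields = line[len("package:"):].split() if line.startswith("package:") else []
        if not fields:
            continue
        value = next((f[len(key):] for f in fields[1:] if f.startswith(key)), "null")
        installers[fields[0]] = None if value == "null" else value
    return installers

def flag_sideloaded_services(settings_output, pm_output, trusted=(PLAY_STORE,)):
    """Return enabled accessibility services not installed by a trusted store."""
    installers = parse_installers(pm_output)
    return [
        (pkg, installers.get(pkg) or "unknown", classes)
        for pkg, classes in sorted(parse_enabled_services(settings_output).items())
        if installers.get(pkg) not in trusted
    ]
```

Preinstalled system accessibility services can also report no installer, so compare any finding against `adb shell pm list packages -s` before treating it as suspicious.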