INTRODUCTION

Security experts Cyble recently uncovered a malicious Android application targeting the popular Brazilian banking company Itaú Unibanco. This application has an identical icon and name that could trick users to think it is a legitimate app related to Itaú Unibanco. The threat actor has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name ‘sincronizador.apk.’”

The fake URL impersonates the official Android app marketplace and also hosts the malware-laced Itaú Unibanco application, in addition to claiming that the app downloaded 1,895,897 times.

The main aim of the Trojan is to perform fraudulent financial transactions on the legitimate Itaú Unibanco application by tampering with the user’s input fields. Google has begun imposing new limitations to restrict the use of such permissions that allow apps to capture sensitive information from Android devices.

​​APK Metadata Information

• ​App Name: _lTAU_SINC/sincronizador
• ​Package Name: com.app.pacotesinkinstall
• ​SHA256 Hash: 3500c50910c94c7f9bc7b39a7b194bac6137cef586281ee22f5439bb2d140480

Infection Chain

Once the user installs the fake application, the website automatically downloads a malicious application with sincronizador.apk from the URL: hxxps://acesso.sincronizadorltoken[.]com/playstore_downloadS34/sincronizador.apk. Whenever the user opens the application, it prompts the user to enable the Accessibility Service and allow permissions to perform other actions such as Observe actions, Retrieve window content, and Perform gestures.

Threat Actors constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them. Users should install applications only after verifying their authenticity and install them exclusively from the official Google Play Store and other trusted portals to avoid such attacks.

How to Spot Fake Apps

Even with multiple security checks and scans in place, several counterfeit and malicious apps remain undetected and make their way to the Play Store. Here are a few security tips to spot fake and malicious mobile applications:

• Check for Discrepancies in the App Icon.
• Observe App and its Developer’s Name.
• Watch the Download Count.
• Screenshots and Reviews.
• App Publish/Update Date and Permissions.

Mitigation     

• Download and install software only from official app stores like Google Play Store or the iOS App Store.
• Use a reputed anti-virus and internet security software package on your connected devices, such as PCs, laptops, and mobile devices.
• Use strong passwords and enforce multi-factor authentication wherever possible.
• Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device where possible.
• Be wary of opening any links received via SMS or emails delivered to your phone.
• Ensure that Google Play Protect is enabled on Android devices.
• Be careful while enabling any permission.
• Keep your devices, operating systems, and applications updated.