Android banking trojan spreads via fake Google Play Store page


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
The actors have set up a page that looks very close to Android's official Google Play app store to trick visitors into thinking they are installing the app from a trustworthy service.
The malware pretends to be the official banking app for Itaú Unibanco and features the same icon as the legitimate app.
If the user clicks on the "Install" button, they are offered to download the APK, which is the first sign of the scam. Google Play Store apps are installed through the store interface, never asking the user to download and install programs manually.
Researchers at Cyble analyzed the malware, finding that upon execution, it attempts to open the real Itaú app from the actual Play Store.
If that succeeds, it uses the actual app to perform fraudulent transactions by changing the user's input fields.
The app doesn't request any dangerous permissions during installation, thus avoiding raising suspicious or risking detection from AV tools.
Instead, it aims to leverage the Accessibility Service, which is all that's needed by mobile malware to bypass all security on Android systems.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.