An Android banking trojan that targets Itaú Unibanco, a significant Brazilian financial services provider with 55 million clients worldwide, has used a unique approach to spread to devices. The actors have created a page that closely resembles Android’s official Google Play app store. The objective is to fool users into believing they are downloading an app from a reliable source.
This trojan masquerades as Itaú Unibanco’s official banking app, with the same icon as the original app. If the customer clicks the “Install” button, they are asked to download the APK, which is the first sign of fraud. Google Play Store apps are always installed via the store interface, and users are never asked to download and install programs manually.
Researchers at Cyble examined the malware and discovered that when it is run, it tries to launch the original Itaú app from the Play Store. If that works, the app is used to carry out fraudulent transactions by altering the user’s input fields.
During installation, the program does not ask for any potentially dangerous permissions, so it raises no red flags and does not risk being detected by antivirus programs. Instead, it tries to take advantage of the Accessibility Service, which is all that mobile malware needs to get around Android’s protections.
According to the latest report from Security Research Labs, its researchers are now dealing with an epidemic of Android malware abusing the Accessibility Service, and Google has yet to patch the targeted flaw. As a result, only users can detect signs of misuse and halt malware before it harms the device.
One of these signs is the app asking for permission to perform gestures, retrieve window content, and observe user actions. The malicious APK distribution websites have been detected and shut down for the time being. However, the perpetrators may resurface using different domains.
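The pattern described above (no dangerous permissions, but an accessibility service that can perform gestures, read window content and observe user events) can be checked during APK triage. The following is an added example, not code from Cyble or the original article; it assumes the manifest and the accessibility-service config have already been decoded to plain XML (for instance with apktool), and the sample package, service name and permission subset are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Illustrative subset of Android "dangerous" runtime permissions (assumption, not exhaustive).
DANGEROUS = {"android.permission.READ_SMS", "android.permission.READ_CONTACTS",
             "android.permission.CAMERA", "android.permission.RECORD_AUDIO"}

def audit_apk(manifest_xml, service_config_xml):
    """Return findings for a decoded manifest and accessibility-service config."""
    findings = []
    manifest = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in manifest.iter("uses-permission")}
    services = [s.get(ANDROID + "name", "?") for s in manifest.iter("service")
                if s.get(ANDROID + "permission") == BIND]
    if not services:
        return findings  # no accessibility service declared, nothing to flag
    findings.append("declares accessibility service: " + ", ".join(services))
    if not requested & DANGEROUS:
        findings.append("no dangerous permissions requested (checked subset)")
    cfg = ET.fromstring(service_config_xml)
    if cfg.get(ANDROID + "canPerformGestures") == "true":
        findings.append("can perform gestures")
    if cfg.get(ANDROID + "canRetrieveWindowContent") == "true":
        findings.append("can retrieve window content")
    events = set((cfg.get(ANDROID + "accessibilityEventTypes") or "").split("|")) - {""}
    if events:
        findings.append("observes user events: " + ", ".join(sorted(events)))
    return findings

# Constructed sample input (hypothetical package and service names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SyncService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_CONFIG = """<accessibility-service xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeViewTextChanged|typeWindowStateChanged"
    android:canPerformGestures="true"
    android:canRetrieveWindowContent="true"/>"""

if __name__ == "__main__":
    for finding in audit_apk(SAMPLE_MANIFEST, SAMPLE_CONFIG):
        print("-", finding)
```

Legitimate assistive apps declare the same capabilities, so the findings are a prompt for manual review rather than a verdict.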