U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Brazilian bank users threatened by 2 malicious apps deployed on the Google Play

Kaspersky Lab discovered a couple of malicious apps deployed on the official Google Play Store that targets Brazilian Android mobile banking users. A couple of malicious apps targeting Brazilian Android users were recently found in the official Google Play by experts at Kaspersky Lab. The malicious apps targeted mobile banking users using an appearance similar to the one of the […]

Brazilian bank users threatened by 2 malicious apps deployed on the Google Play

Kaspersky Lab discovered a couple of malicious apps deployed on the official Google Play Store that targets Brazilian Android mobile banking users.

A couple of malicious apps targeting Brazilian Android users were recently found in the official Google Play by experts at Kaspersky Lab. The malicious apps targeted mobile banking users using an appearance similar to the one of the legitimate banking apps, while the first app was published on October 31th and registered 80 installations, the second one was published on November 10th and had only 1 installation.

“This week we spotted the first Trojan banker targeting Brazilian users of Android devices. Two malicious applications meant to pass for apps from local Banks were hosted on Google Play.” reported the security researcher Fabio Assolini in a blog post.

As explained by the researchers the news isn’t surprising, more than 6 million Brazilians currently use mobile banking services and the Brazil is the country with the highest number of infections related banking industry in Q3 as reported in the Q3 threat evolution report issued by Kaspersky.

“Brazil remained the country where users are most often attacked by banking malware, even if its share was down one third. Russia stayed in second place. Italy dropped to 4th position while Germany rose to 3rd place: the number of attacked users in this country grew by 1.5 times.”

Brazil infections - Top 10 countries

The criminal crew that published the malicious apps on the Google Play store is using the name “Governo Federal” (Federal Government)

brazil malicious apps google play

The malicious apps are very simple, they were designed just to steal login credentials in a classic phishing scheme, Brazilian mobile banking users result particularly exposed to the attack so due to the lack of a strong authentication (i.e. two-factor authentication) for banking app.

The attackers used a free platform to create the malicious apps, ‘App Inventor’, which doesn’t require any particular skill to create a mobile application, but the results are an app big in size as explained in the post:

“To create the malicious app, the (lazy) bad guy decided to use “App Inventor”: a free platform that allows anyone to create their own mobile Android application, no technical knowledge required. The result is an app big in size and full of useless code. But both apps had the function to load the logos of the targeted Banks and open a frame – the phishing page programmed to capture the user’s credentials.” said the post. “The phishing pages of the targeted Banks were hosted on a hacked website. A good soul removed them and inserted an alert to the visitors stating: “Este é um aplicativo Falso, denuncie este app”, meaning “This is a fake app, please report it”. As a result, when the user downloads, installs and opens the fake banking app, this message is displayed inside, instead of the original phishing page”

The Kaspersky Lab team has already reported  both apps to Google that promptly removed them from the official Play Store.

Both malicious apps are detected as Trojan-Banker.AndroidOS.Binv.a and security experts have no doubts regarding the fact that cyber criminals will continue to explore official channels to spread malicious code.

A good starting point would be to implement a two-factor authentication for sensitive applications such as banking software.

Pierluigi Paganini

(Security Affairs –  Bazil, banking malicious apps)