Home / malwarePDF  

Android.Fakebanco


First posted on 22 November 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Fakebanco.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: appinventor.ai_funayamajogos.BancodoBrasil
Version: 5.72
Name: BancodoBrasil

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Write to external storage devicesOpen network connectionsAccess information about the Wi-Fi stateAccess information about networks

Installation
Once installed, the application will display a yellow icon with a blue logo, mimicking the appearance of a legitimate banking app.


Functionality
When the Trojan is executed, it poses as a legitimate banking app.

The Trojan then redirects users to the following remote location in order to steal their banking login credentials: [http://]imobiliariabrasil.com.br/mailing/Form-[REMOVED]
The remote location is currently not hosting the phishing content. It now warns users that the app is fake.

Last update 22 November 2014

 

TOP