MUST READ

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Pierluigi Paganini December 27, 2021

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages.

Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge.

Threat actors spread the malware using fake Google Play Store pages hosting malicious applications under the name ‘sincronizador.apk .’ The malware was first spotted by researchers at MalwareHunterTeam.

“The malware tries to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge. This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco.” reads the analysis published by the experts. “we observed that the TA has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name ‘sincronizador.apk.’ “

Upon launching the malicious app, it asks users to enable the AccessibilityService and allow other actions such as Observe actions, Retrieve window content, and Perform gestures. The malware uses AccessibilityService to carry out its malicious activities, this permission allows the malware to access notifications and window content, and perform gestures on the display (i.e. tap the display).

The fake Google Play page analyzed by Cyble claims that the app has had 1,895,897 downloads.

Users should install applications only from the official stores to avoid such attacks. 

“_lTAU_SINC/sincronizador Android malware targets the Brazilian bank Itaú Unibanco’s users and tries to perform fraudulent financial transactions without the victim’s knowledge.” concludes the experts.

“Threat Actors constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Android banking malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Android Android malware Banking Malware Cybersecurity cybersecurity news Hacking hacking news information security news malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 18, 2025
Anne Arundel Dermatology data breach impacts 1.9 million people
Read more
Pierluigi Paganini July 18, 2025
LameHug: first AI-Powered malware linked to Russia’s APT28
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Anne Arundel Dermatology data breach impacts 1.9 million people

Data Breach / July 18, 2025

LameHug: first AI-Powered malware linked to Russia’s APT28

APT / July 18, 2025

5 Features Every AI-Powered SOC Platform Needs in 2025

Security / July 18, 2025

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

Security / July 18, 2025

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

Data Breach / July 17, 2025