New Android banking Malware targets Brazil's Itaú Unibanco Bank

New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Pierluigi Paganini December 27, 2021

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages.

Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge.

Threat actors spread the malware using fake Google Play Store pages hosting malicious applications under the name ‘sincronizador.apk .’ The malware was first spotted by researchers at MalwareHunterTeam.

Another day, another not much detected "sincronizador.apk": 3500c50910c94c7f9bc7b39a7b194bac6137cef586281ee22f5439bb2d140480
From: https://acesso.sincronizadorltoken[.]com/playstore_downloadS34/ -> https://acesso.sincronizadorltoken[.]com/playstore_downloadS34/sincronizador.apk pic.twitter.com/smTOn48NQA
— MalwareHunterTeam (@malwrhunterteam) December 16, 2021

“The malware tries to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge. This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco.” reads the analysis published by the experts. “we observed that the TA has created a fake Google Play Store page and hosted the malware that targets Itaú Unibanco on it under the name ‘sincronizador.apk.’ “

Upon launching the malicious app, it asks users to enable the AccessibilityService and allow other actions such as Observe actions, Retrieve window content, and Perform gestures. The malware uses AccessibilityService to carry out its malicious activities, this permission allows the malware to access notifications and window content, and perform gestures on the display (i.e. tap the display).

The fake Google Play page analyzed by Cyble claims that the app has had 1,895,897 downloads.

Users should install applications only from the official stores to avoid such attacks.

“_lTAU_SINC/sincronizador Android malware targets the Brazilian bank Itaú Unibanco’s users and tries to perform fraudulent financial transactions without the victim’s knowledge.” concludes the experts.

“Threat Actors constantly adapt their methods to avoid detection and find new ways to target users through increasingly sophisticated techniques. Such malicious applications often masquerade as legitimate applications to trick users into installing them.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Android banking malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 27, 2025

Allianz Life data breach exposed the data of most of its 1.4M customers

Pierluigi Paganini July 27, 2025