Home / malware Android.Fakebanco
First posted on 22 November 2014.
Source: SymantecAliases :
There are no other names known for Android.Fakebanco.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: appinventor.ai_funayamajogos.BancodoBrasil
Version: 5.72
Name: BancodoBrasil
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Write to external storage devicesOpen network connectionsAccess information about the Wi-Fi stateAccess information about networks
Installation
Once installed, the application will display a yellow icon with a blue logo, mimicking the appearance of a legitimate banking app.
Functionality
When the Trojan is executed, it poses as a legitimate banking app.
The Trojan then redirects users to the following remote location in order to steal their banking login credentials: [http://]imobiliariabrasil.com.br/mailing/Form-[REMOVED]
The remote location is currently not hosting the phishing content. It now warns users that the app is fake.Last update 22 November 2014