Trojan-Banker Malware Targeting Brazil Mobile Bankers

Kaspersky researchers have discovered a Trojan-Banker malware targeting Brazilian mobile banking users. The malware, masquerading as legitimate banking apps on the official Google store, had already been downloaded over 80 times before being unmasked.

Phishing masters never rest. They will do anything humanly possible to lay their hands on a target's banking information, including PINs and credit/debit card numbers. The bad guys keep sending emails purportedly from your service provider, asking you to update your credentials or risk being suspended from the service. Their antics have now been unearthed in Brazil after researchers from Kaspersky Lab discovered two bogus banking apps masquerading as genuine apps from Brazilian banks on Google Play.

According to Kaspersky’s researchers, it is the first time online fraudsters have used a Trojan-Banker malware to target Brazilian mobile banking users. “This week we spotted the first Trojan banker targeting Brazilian users of Android devices. Two malicious applications meant to pass for apps from local Banks were hosted on Google Play,” said Fabio Assolini in a blog post.

The banking malware, designed by a fraudster code-named “Governo Federal” (Federal Government), targeted the banking login credentials of Android users in Brazil. One of the bogus apps, designed on October 31st, had already been downloaded 80 times, while the other had a single download before they were discovered. Both apps used the names of popular banks in Brazil.

Typically, banking malware uses complex code that takes hours to write and requires highly qualified expertise. However, the Trojan-Banker discovered by Kaspersky is very “simple, but effective,” an indication that online fraudsters have re-engineered their tactics. In fact, the developers of the malware avoided the hassle of coding an app. They opted for “App Inventor,” a free coding platform that allows users to create basic apps without much technical know-how.

It is not entirely surprising that cyber criminals are targeting Brazilian mobile banking users, considering the huge number of people using banking apps to access their bank accounts. A report by FEBRABAN (Federation of Brazilian Banks) indicated that over 6 million Brazilians use banking apps. This, coupled with weak single-factor authentication that requires only an account and a password, makes Brazil a good phishing ground for attackers.

Kaspersky had earlier ranked Brazil among the countries most heavily ridden with banking malware, and it was only a matter of when, not if, attackers would strike. In 2012, Kaspersky had observed a similar scam using phishing pages, which was pulled down before causing significant losses.

Similarly, the bogus apps have since been pulled down from Google Play, but Kaspersky warned of more deadly attacks in the future. “We reported both apps to Google, and they promptly removed them from the Play Store… We detect both apps as Trojan-Banker…we’re quite sure that these are only the first crude attempts of many more to come,” read Assolini’s blog.


Pierluigi Paganini Cyber Security Analyst; Member, European Union Agency for Network and Information Security Threat Landscape Stakeholder Group; Founder, Security Affairs Blog. Co-author of The Deep Dark Web: The Hidden World.