Coronavirus: fake Immuni app empties bank account

A new Android malware exploits the name of the Immuni app, but also those of eBay, Paypal, Credem, Amazon, Intesa San Paolo and InBank.

The Computer Emergency Response Team of AGID, the Agency for Digital Italy that is part of the Presidency of the Council of Ministers, has discovered a site that imitates graphics and functions of Google's Play Store to spread infected apps. Among them, unfortunately, there's also a fake Immuni app that was artfully created to carry malware.

The discovery was made in collaboration with Italian cybersecurity company D3Lab and was fortunately extremely quick in timing: the dangerous site was put online, in fact, just ten days ago. This is a threat specific to Italy, since the infected apps found in this fake store are almost all imitations of equivalent Italian apps. Especially banking apps, from the main credit institutions in our country. The virus carried by these apps hasn't been analyzed yet, but according to CERT "it's definitely an Anubis derivative, like most of the MaaS for Android".

Which infected apps CERT discovered

The fake Play Store set up for this hacker campaign is full of infected apps. All fake, of course: Amazon Shopping, Credem, Immuni, Inbank, Instesa Sampaolo, InBank, eBay, PayPal. As you can easily guess they are all apps through which you can buy something or manage a bank account. That is, to move money.

Apps, therefore, very dangerous because being infected they have the sole purpose of stealing our bank data to empty our account. But, in reality, the thing is even more serious because if the virus carried by the apps is really a derivative of Anubis, as CERT believes, then the risks for the user are very high.

What is Anubis and why is it dangerous

Anubis is the father of many other viruses, developed over time from its code. And the reason is simple: Anubis is an "all-around" malware, capable of doing almost anything to infected devices and, for this reason, it is defined by computer security experts as a "hybrid" malware.

In detail, Anubis can: read and steal data from a smartphone, track user typing (keylogger), encrypt all data and then ask for a ransom (ransomware). It is therefore an extremely dangerous malware, from which other malicious codes have been developed and the one contained in the apps hosted on the Play Store fke discovered by CERT will surely not be any less.