Immuni still at the center of a scam attempt: new fake website spreading a malware able to empty our account, here’s how to recognize it.
Although the interest for Immuni, the Italian contact tracing app, has significantly decreased in recent weeks, hackers continue to exploit its name to spread viruses among Italian users. The app is now firmly established around 10 million downloads, but there is still someone who tries to exploit it for illegal purposes.
D3Lab, an Italian company that deals with cybersecurity, has in fact discovered a new fake website that faithfully reproduces the graphics and the interface of the official website of the app. When you download the app, which is available for both Android and iOS, what you end up with on your smartphone is not the government-approved contact tracing app at all, but an app infected with a trojan that can empty the bank account of the unfortunate user. Not all antivirus programs are able to intercept the trojan and block it immediately to protect the smartphone. Already in the past few weeks there was another attempt to spread an infected Immuni app.
Fake Immuni website: how to recognize it
Because the fake Immuni website is practically identical in graphics to the official one, with almost all content faithfully replicated to deceive the user, you need to be very careful: the only sure way to recognize it is to look at the URL, the website address that appears in the browser bar.
While the URL of the real Immuni site is www.immuni.italia.it the one of the dangerous fake site is en.immuni.com. Most browsers, fortunately, can figure out that it is a dangerous website and block access to it. If, however, the site is normally navigable then the risk is high: finding the differences between this fake site and the official one is very difficult.
Fake Immuni app: contains Alien malware
The analysis of the code of the fake Immuni app that you can download from the scam site, done by CERT-AGID, does not bring good news at all: it contains Alien, the successor of Cerberus.
Alien is a very advanced banking trojan: if it manages to enter the smartphone it can show fake login screens, steal passwords from other apps, access app content without the user’s knowledge.
It can also access the address book and text messages, which means that it can intercept messages sent by our bank as a second authentication factor. As a result, it can also access our bank account online.
How to download the real Immuni
Remember that to download the real Immuni app, the safe and malware-free one, you can visit the aforementioned www.immuni.italia.it and go to “Download App”. Here you will find two links to Google Play Store and Apple App Store, from which you can download Immuni.
For more security you can also directly open the Play Store or App Store from your smartphone, and search for Immuni. The real one is developed by the Ministry of Health, and among the information about the developer it also has the direct link to the real Immuni website. Alternatively, here are the direct links to the real Immuni app:
Immuni for Android
Immuni for iOS
.