Pickpocketers in Latin America are stealing iPhones and hacking banking apps but nobody knows how

A new cybercriminal campaign is hitting the streets of Sao Paulo, Brazil, with a group dedicated to stealing iPhone devices in order to access victims’ bank accounts and steal as much money as possible. A report published in the local newspaper Folha de Sao Paulo states that this trend began during coronavirus confinement, although it has reached an unusual peak of activity. The report also states that the attacks are especially successful against iPhone 11 and iPhone XR users.

For some years it has been very common to see thieves on bicycles stealing phones on the streets of Brazil, although their main task was the resale of these devices. According to 9TO5MAC experts, one of these gangs now keeps the stolen iPhones to try to empty the victims’ bank accounts. Technical details about the robbery are not yet known, although the victims already number in the dozens.

On the other hand, the consumer protection authority in Brazil Procon has already announced a plan to take the necessary measures to stop this dangerous attack: “We have identified a gang of phone thieves whose main business is electronic fraud through stolen devices,” says Fernando Capez, director of Procon.

Local police Chief Roberto Monteiro also spoke out: “The gangs of thieves have finally realized the amount of sensitive information we store on our devices and, although compromising the security of an iOS system is very complicated, it is something completely possible.”

The report mentions that two of the banks whose customers have been affected are Itaú Unibanco and Nubank. It is worth mentioning that Itaú is one of the most important banking institutions in Brazil and throughout Latin America. In this regard, representatives of both banks mention that some measures have already been implemented to prevent similar incidents from happening again, which demonstrates the importance of having constantly updated mobile apps.

Finally, the Brazilian Federation of Banks says that all banking applications are verified and protected from their development to their use: “To approve the use of a mobile banking app, the use of the customer’s personal password is mandatory. The application usage data, as well as the customer’s password, is never stored by the bank’s applications on the customers’ devices.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.