Security Research Firm Uncovers Fake Finance Apps on Google Play

  • Users from all around the world are being duped by fake finance apps impersonating popular banking institutions.
  • Austrian cryptocurrency exchange Bitpanda has also been identified as a target of these malicious apps.
  • The apps are designed to phish for login credentials by impersonating as legitimate services.

Six financial institutions including five banks and a cryptocurrency have been caught amidst a phishing scam. A number of apps on Google Play were impersonating banks from New Zealand, Australia, the United Kingdom, Switzerland, and Poland as well as cryptocurrency exchange Bitpanda.

The Google Play apps make use of bogus forms and impersonate legitimate services to phish for credit card details and login credentials of unsuspecting customers. The apps were published on Google Play in June 2018, and they have seen thousands of downloads before being taken down.

Fake Banking Apps on Google Play
Image Courtesy of We Live Security

According to We Live Security “While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service. If users fill out such a form, the submitted data is sent to the attacker’s server. The apps then present their victims with a “Congratulations” or “Thank you” message, which is where their functionality ends.

The developers of the malicious apps used different names to hide their identities. However, a detailed inspection by security researchers revealed the similarities in code proving that the apps have been built by the same attacker. The apps take advantage of code obfuscation which can prevent Google’s automated scanning systems from detecting the malicious code.

To prevent phishing scams, it is recommended to download apps from trusted sources only. Official websites of banks include Google Play and Apple Store links to their apps that are trusted. Downloading apps from Google’s platform does not mean that they are trusted while developers often finding loopholes to get past the security checks in place. However, Google’s platform is substantially more reliable than third-party stores which are often infested with malware.

What do you think about the malicious apps uploaded to Google Play? Let us know in the comments below. Also, share the news on social media and catch up with us on Facebook and Twitter

REVIEW OVERVIEW

Latest

Microsoft Launches a Redesigned Notepad for Windows 11

The redesigned Notepad for Windows 11 is now rolling out to Windows Insiders. In its new design, Notepad is aligned with the new...

Instagram Reveals New Tools to Keep Teens Safe, Including Parental Controls

Instagram announced its intent to take a 'stricter approach' regarding the content it shows to teen users. As part of Instagram's new tools,...

Microsoft Seizes Chinese-Based Hacker Group’s Websites

Microsoft has taken down several websites used by the China-backed hacker group called Nickel.The seized websites were used to gather information from...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari