Wednesday, 19 February 2020


Another set of fake finance apps has found its way into the official Google Play store.
This time around, the apps have impersonated six banks from Australia, New Zealand, Poland, Switzerland, the United Kingdom and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.

According to Lukas Stefanko, malware researcher at ESET - an antivirus and Internet security solutions provider based in Bratislava, Slovakia - the malicious fakes were uploaded to Google Play in June and were installed more than a thousand times before being taken down by Google.

“The apps were uploaded under different developer names, each using a different guise. However, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected,” Stefanko said.

The sole purpose of these malicious apps is to obtain sensitive information from unsuspecting users. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps.

How the apps operate

While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service. “If users fill out such a form, the submitted data is sent to the attacker’s server,” Stefanko said. The apps then present their victims with a ‘Congratulations’ or ‘Thank you’ message, which is where their functionality ends.

How to stay safe

Stefanko advised those who may have unsuspectingly installed and used one of these malicious apps to uninstall them immediately.

“Also, change your credit card pin codes as well as Internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.”

To avoid falling victim to phishing and other fake financial apps, Stefanko recommends trusting mobile banking and other finance apps only if they are linked from the official website of a bank or financial service. He recommends downloading apps from Google Play - this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play.

Paying attention to the number of downloads, app ratings and reviews when downloading apps from Google Play is important, besides entering sensitive information into online forms only when one is sure of their security and legitimacy.

Additionally, Stefanko recommends keeping one’s Android device updated and using a reliable mobile security solution.

Legal disclaimer: The insight, recommendations and analysis presented here are based on corporate filings, current events, interviews, corporate press releases, and what we've learned as financial journalists. They are presented for the purposes of general information only, and all the information belongs to the original publishers. These may contain errors and we make no promises as to the accuracy or usefulness of the information we present. You should not make any investment decision based solely on what you read here.

Creamcoin Marketcap