ESET’s Lukas Stefanko revealed that the company helped Google remove six fake financial apps from the official app store. Disguised as online banking or cryptocurrency trading applications, they were designed to phish real credit card data and login credentials from Android users. The fake Android apps posed as the official application of the Austrian cryptocurrency exchange Bitpanda, as well as online banking clients of Swiss, British, New Zealand, Australian and Polish banks.
The submission of this batch of malware dates back to June 2018. Even so, the fake apps had already been downloaded and installed on more than 1,000 different Android devices before Google discovered their real purpose and removed them from Google Play.
Image: Six of the malicious apps found on Google Play by ESET
ESET pointed out that even though the above malware was submitted under different designs and developer names, Stefanko found enough similarities in the apps' code to infer that the same group was behind them.
To steal the victim’s login credentials and card payment data, the fake app tricks the user into entering the sensitive data into text boxes and then quietly sends it to a server specified by the attacker.
Once the fake app is launched on the device, it displays the phishing form. After successfully sending the target’s sensitive data to the attacker, it deliberately displays a “thank you” or “congratulations” message and then exits.
All users who have installed any of the malicious Android apps discovered by Stefanko are advised to uninstall them immediately, change their passwords, and check their bank accounts for suspicious transactions.
To avoid becoming a victim of such fake financial apps, we suggest that you be sure to download official apps through the most reliable channels.