A set of fake banking apps found its way onto the Google Play store, according to an internet security product provider, and many people appear to have installed them before they were taken down.
Eset, based in Slovakia, with an office in Cape Town, says the malicious apps claim to increase the credit card limit for users of three Indian banks, and then phish for credit card and internet banking details using bogus forms.
The fake apps were uploaded to Google Play in June and July this year. When Eset notified Google, they were taken down, but by then they had been installed by hundreds of people. The apps were uploaded under three different developer names, each impersonating a different Indian bank; however, all three apps can be traced back to a single source.
All three apps follow the same procedure. On launch, a form requesting credit card details is displayed. If users fill out the form and hit “Submit”, they are taken to a form asking for their internet banking login credentials. Clicking through both forms – with or without filling them in – leads users to the third and final screen, which thanks users for their interest. The app offers no further functionality beyond this point.
Meanwhile, the data entered into the bogus forms is sent in plain text to the phisher’s server. The data is accessible to anyone with the link, without requiring authentication. “For the victims, this amplifies the potential damage, since their data is available to anyone who comes across it,” Eset says.
Recently, Eset warned against a fake MyEtherWallet app, exposing the private keys to victims’ wallets. “These discoveries highlight the need for extreme caution when downloading apps related to finances and cryptocurrencies,” Eset says.
To avoid falling victim to phishing apps, Eset recommends that you:
- Only trust mobile banking apps if they are linked to your bank’s official website;
- Never enter sensitive banking information into online forms if you aren’t sure of their legitimacy;
- Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play; and
- Keep your Android device updated and use a reliable mobile security solution.