According to Lukas Stefanko, malware researcher at ESET – an antivirus and Internet safety options provider primarily based in Bratislava, Slovakia – the malicious fakes had been uploaded to Google Play in June and had been installed a lot more than a thousand occasions just before getting taken down by Google.
“The apps were uploaded under different developer names, each using a different guise. However, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected,” Stefanko stated.
The sole objective of these malicious apps is to get sensitive details from unsuspecting customers. Some of the apps take benefit of the absence of an official mobile app for the targeted service (such as Bitpanda), although other individuals try to fool customers by impersonating current official apps.
How the apps operate
While the apps do not stick to 1 typical process, upon launch they all show types requesting credit card particulars and/or login credentials to the targeted bank or service. “If users fill out such a form, the submitted data is sent to the attacker’s server,” Stefanko stated. The apps then present their victims with a ‘Congratulations’ or ‘Thank you’ message, which is exactly where their functionality ends.
How to keep protected
Stefanko advised these who could have unsuspectingly installed and employed 1 of these malicious apps to uninstall them right away.
“Also, change your credit card pin codes as well as Internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.”
To steer clear of falling victim to phishing and other fake economic apps, Stefanko recommends trusting mobile banking and other finance apps only if they are linked from the official site of a bank or economic service. He recommends downloading apps from Google Play – this does not make certain the app is not malicious, but apps like these are a lot a lot more typical on third-celebration app shops and are seldom removed when uncovered, in contrast to on Google Play.
Paying interest to the quantity of downloads, app ratings and evaluations when downloading apps from Google Play is crucial, in addition to getting into sensitive details into on the internet types only when 1 is positive of their safety and legitimacy.
Additionally, Stefanko recommends maintaining one’s Android device updated and making use of a dependable mobile safety remedy.
Information Source: Muscat Daily