Fake finance apps on Google Play target users from around the world

Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange

Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the UK, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.

Figure 1 – Six of the malicious apps found on Google Play

The malicious fakes were uploaded to Google Play in June 2018 and were installed more than a thousand times before being taken down by Google. The apps were uploaded under different developer names, each using a different guise; code similarities, however, suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected.

The sole purpose of these malicious apps is to obtain sensitive information from unsuspecting users. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps. The complete list of targeted banks and services can be found at the end of this article.

How do the apps operate?

While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service (examples can be seen in Figure 2). If users fill out such a form, the submitted data is sent to the attacker’s server. The apps then present their victims with a “Congratulations” or “Thanks” message (an example can be seen in Figure 3), which is where their functionality ends.

Figure 2 – Bogus forms phishing for credit card details and internet banking login credentials

Figure 3 – Final screen displayed by one of the malicious apps

How to stay safe

If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall it immediately.

Also, change your credit card PIN codes as well as internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.

To avoid falling victim to phishing and other fake financial apps, we recommend that you:

  • Only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service
  • Only download apps from Google Play; this doesn’t ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play
  • Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play
  • Only enter your sensitive information into online forms if you are sure of their security and legitimacy
  • Keep your Android device updated and use a reliable mobile security solution; ESET products detect and block these malicious apps as Android/Spy.Banker.AIF, Android/Spy.Banker.AIE and Android/Spy.Banker.AIP

Targeted banks and services

Australia and New Zealand

Commonwealth Bank of Australia (CommBank)
The Australia and New Zealand Banking Group Limited (ANZ)
ASB Bank

The UK
TSB Bank


Bank Zachodni WBK (renamed to Santander Bank Polska SA in September 2018)


Indicators of Compromise (IoCs)


Lukas Stefanko
