Gadget

More fake apps found in Google Play store

Figure 1 – Six of the malicious apps found on Google Play

How do the apps operate?

While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service (examples can be seen in Figure 2). If users fill out such a form, the submitted data is sent to the attacker’s server. The apps then present their victims with a “Congratulations” or “Thank you” message (an example can be seen in Figure 3), which is where their functionality ends.

Figure 2 – Bogus forms phishing for credit card details and internet banking login credentials

 

Figure 3 – Final screen displayed by one of the malicious apps

How to stay safe

If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall it immediately.

Also, change your credit card PIN codes as well as internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.

To avoid falling victim to phishing and other fake financial apps, we recommend that you:
