Thursday, December 26, 2024
Follow us On Linkedin
HomeAndroidHackers Uploaded Fake Apps into Google Play Store to Steal Credit card...

Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

AndroidMalwareSecurity Hacker

Published on

By Gurubaran
Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

API Security Audit

SIEM as a Service

Hackers uploaded finance based fake apps into the Google play store to steal credit card details and login credentials to the targeted bank or service. The malicious apps found to be uploaded into the Google play in June 2018 and they have been downloaded thousands of times.

These malicious apps use bogus phish forms to collect the credit card details and internet banking credentials from the victims. The fake apps were spotted by the Security researchers from ESET and these apps are uploaded under different usernames.

The main motive of the attackers is to steal the sensitive information from users and the apps impersonated six banks form the following countries New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian based cryptocurrency exchange Bitpanda.

- Advertisement - SIEM as a Service
Fake apps

How do the Fake Apps work

These apps one launched displays forms requesting credit card details or the login credentials if the targeted banks or services and once the victim inputs the credentials it says “Congratulations” or “Thank you” and the app function ends at that point.

Fake apps

ESET reported the fake apps to Google and the apps have been removed from the Google play now, users are advised to uninstall the fake apps immediately if you have it in your system and to change the login credentials.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.

Indicators of Compromise (IoCs)

Package nameHashDetection
cw.cwnbm.mobile651A3734103472297A2C65C81757FB5820AD2AB7Android/Spy.Banker.AIF
au.money.goDE09F03C401141BEB05F229515ABB64811DDB853Android/Spy.Banker.AIF
asb.ezy.payB6D70983C28B8A0059B454065D599B4E18E8097CAndroid/Spy.Banker.AIF
uk.mobile.tsb91692607FB529218ADF00F256D5D1862DF90DAAFAndroid/Spy.Banker.AIF
ch.post.financeFE1B2799B65D36F19484930FAF0DA17A0DBE9868Android/Spy.Banker.AIF
pl.mblzchC43E7A28E1B807225F1E188C6DA51D24DCC54F5FAndroid/Spy.Banker.AIE
www.bit.panda7D80158C8C893E46DC15E6D92ED2FECFDB12BF9FAndroid/Spy.Banker.AIP

Related Read

Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals

Google Released Security Updates for More than 40 Android Security vulnerabilities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyber Security News

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from...
CVE/vulnerability

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating...
CVE/vulnerability

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability...
Cyber Attack

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

Register Now

More like this

Cyber Attack

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...
Cyber Security News

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...
Cyber Attack

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved