Thursday, January 30, 2025
Follow us On Linkedin
HomeAndroidHackers Uploaded Fake Apps into Google Play Store to Steal Credit card...

Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

AndroidMalwareSecurity Hacker

Published on

By Gurubaran
Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Hackers uploaded finance based fake apps into the Google play store to steal credit card details and login credentials to the targeted bank or service. The malicious apps found to be uploaded into the Google play in June 2018 and they have been downloaded thousands of times.

These malicious apps use bogus phish forms to collect the credit card details and internet banking credentials from the victims. The fake apps were spotted by the Security researchers from ESET and these apps are uploaded under different usernames.

The main motive of the attackers is to steal the sensitive information from users and the apps impersonated six banks form the following countries New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian based cryptocurrency exchange Bitpanda.

Fake apps

How do the Fake Apps work

These apps one launched displays forms requesting credit card details or the login credentials if the targeted banks or services and once the victim inputs the credentials it says “Congratulations” or “Thank you” and the app function ends at that point.

Fake apps

ESET reported the fake apps to Google and the apps have been removed from the Google play now, users are advised to uninstall the fake apps immediately if you have it in your system and to change the login credentials.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.

Indicators of Compromise (IoCs)

Package nameHashDetection
cw.cwnbm.mobile651A3734103472297A2C65C81757FB5820AD2AB7Android/Spy.Banker.AIF
au.money.goDE09F03C401141BEB05F229515ABB64811DDB853Android/Spy.Banker.AIF
asb.ezy.payB6D70983C28B8A0059B454065D599B4E18E8097CAndroid/Spy.Banker.AIF
uk.mobile.tsb91692607FB529218ADF00F256D5D1862DF90DAAFAndroid/Spy.Banker.AIF
ch.post.financeFE1B2799B65D36F19484930FAF0DA17A0DBE9868Android/Spy.Banker.AIF
pl.mblzchC43E7A28E1B807225F1E188C6DA51D24DCC54F5FAndroid/Spy.Banker.AIE
www.bit.panda7D80158C8C893E46DC15E6D92ED2FECFDB12BF9FAndroid/Spy.Banker.AIP

Related Read

Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals

Google Released Security Updates for More than 40 Android Security vulnerabilities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently...
Android

New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria...
cyber security

500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton...
cyber security

Arcus Media Ransomware Strikes: Files Locked, Backups Erased, and Remote Access Disabled

The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Android

New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria...
cyber security

Hackers Impersonate Top Tax Firm with 40,000 Phishing Messages to Steal Credentials

Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations...
cyber security

Lazarus Group Drop Malicious NPM Packages in Developers Systems Remotely

In a recent discovery by Socket researchers, a malicious npm package named postcss-optimizer has...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved