Hackers uploaded finance based fake apps into the Google play store to steal credit card details and login credentials to the targeted bank or service. The malicious apps found to be uploaded into the Google play in June 2018 and they have been downloaded thousands of times.
These malicious apps use bogus phish forms to collect the credit card details and internet banking credentials from the victims. The fake apps were spotted by the Security researchers from ESET and these apps are uploaded under different usernames.
The main motive of the attackers is to steal the sensitive information from users and the apps impersonated six banks form the following countries New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian based cryptocurrency exchange Bitpanda.
How do the Fake Apps work
These apps one launched displays forms requesting credit card details or the login credentials if the targeted banks or services and once the victim inputs the credentials it says “Congratulations” or “Thank you” and the app function ends at that point.
ESET reported the fake apps to Google and the apps have been removed from the Google play now, users are advised to uninstall the fake apps immediately if you have it in your system and to change the login credentials.
Common Defences and Mitigations
- Give careful consideration to the permission asked for by applications.
- Download applications from trusted sources.
- Stay up with the latest version.
- Encrypt your devices.
- Make frequent backups of important data.
- Install anti-malware on their devices.
- Stay strict with CIA Cycle.
Indicators of Compromise (IoCs)
| Package name | Hash | Detection |
|---|---|---|
| cw.cwnbm.mobile | 651A3734103472297A2C65C81757FB5820AD2AB7 | Android/Spy.Banker.AIF |
| au.money.go | DE09F03C401141BEB05F229515ABB64811DDB853 | Android/Spy.Banker.AIF |
| asb.ezy.pay | B6D70983C28B8A0059B454065D599B4E18E8097C | Android/Spy.Banker.AIF |
| uk.mobile.tsb | 91692607FB529218ADF00F256D5D1862DF90DAAF | Android/Spy.Banker.AIF |
| ch.post.finance | FE1B2799B65D36F19484930FAF0DA17A0DBE9868 | Android/Spy.Banker.AIF |
| pl.mblzch | C43E7A28E1B807225F1E188C6DA51D24DCC54F5F | Android/Spy.Banker.AIE |
| www.bit.panda | 7D80158C8C893E46DC15E6D92ED2FECFDB12BF9F | Android/Spy.Banker.AIP |
Related Read
Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals
Google Released Security Updates for More than 40 Android Security vulnerabilities
Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet
