Applications used to steal banking credentials
ESET has detected a new batch of malicious apps in Google Play. With their help, criminals collect credit card numbers and online banking, and then storing the stolen information online in the public domain.
Malicious apps have appeared in Google Play in June-July 2018. They mimic the official app of three Indian banks and downloaded from different developers, but actually created by one author (or group).
All applications operate on the same scheme. They offer customers to increase the credit card limit.
After launching the application displays a form for entering the card data, the limit of which is expected to increase. Fill in all the cells and pressing “Send”, the user goes to the next screen – where prompted for credentials to log in to online banking.
All fields marked as mandatory, although in fact you can leave them blank (this spelling also indicates a questionable origin of the application).
At last, the third screen user thank you for your interest and promise that in the near future in touch with him, “Manager customer service”. Needless to say, with the victim no contact.
Information entered in the app is sent to the attackers in plain text. The server on which the data is stored, available to anyone via the link, without additional authentication. This can increase the damage of victims, because their Bank details are available not only to the authors of malicious applications, but also other possible attackers.
Malicious apps have been removed from Google Play after a warning from ESET, however, they managed to install several hundred users.
