New Android Malware Imitates Banking Apps

It's easy to avoid if you follow basic steps.

30/04/2016 1:14 AM AEST | Updated 30/04/2016 1:14 AM AEST

Be careful about what you're downloading on your phone: Nearly a dozen "well-designed," cash-stealing apps have reportedly been uploaded to the Google Play store recently.

These apps, which started cropping up at the beginning of this year, imitate banking and payment apps to collect private information from users, according to security researcher Joshua Shilko.

This is basically the oldest trick in the book, as far as online scams go. But what makes this situation somewhat unique is that the bogus apps are officially available on the Google Play store, where you'd expect to download apps safely.  

A spokesperson for Google did not immediately respond to a request for comment from The Huffington Post. Shilko, who works for an anti-fraud company that profits from brands that want to secure themselves against attacks, did not name the malicious apps in his blog post on the matter.

But Shilko told HuffPost that his company, PhishLabs, is working with Google.

"In the case of these mobile applications, we have been communicating with Google regularly regarding each application as they are detected," Shilko said via LinkedIn message.

This sort of thing has happened before. Last year, games containing malicious code made their way onto the Google Play store and were downloaded up to 10 million times. Google does scan apps for security concerns before making them available to users, but bad actors have found ways to worm around the checks.

As for this particular case, avoiding the malware yourself is pretty simple. For one thing, there aren't very many affected apps, and they're only imitating brands from the United States and United Kingdom, Shilko said.

And there are a few steps to keep in mind if you're feeling cautious.

"If you are unsure of the legitimacy of an application on the Google Play Store or any other official app store, make sure that the provider offers a legitimate mobile application by checking their official website or contacting them directly," Shilko told HuffPost.

"Often, companies will provide links directly from their official website to their official application in the Play Store. Do not utilize unsolicited mobile application download links provided via email or SMS," he added.

While this particular threat is fairly minor, Shilko did tell HuffPost he worries the methodology might be adopted by other attackers -- so keep all of this in mind moving forward.

Meanwhile, a report from Google last week said Android is actually becoming a safer platform. The company is said to scan 6 billion apps for malware every day.
