Recently Android users were put on alert about multiple dangerous apps on Google Play Store that can steal your bank details and clean out your account. Security experts from ESET, a tech security firm, uncovered a long list of dangerous apps. While all the apps are no longer available on Google Play store, roughly 30,000 people have them installed on their mobile devices.
There is a huge variety of great apps to choose from for your smartphone which are legitimate and can be a great addition to your phone. Unfortunately, however, there are also many third-party apps out there which pose as a security risk. It can be hard to tell which third-party apps are dangerous and which are not. It’s a good idea to check reviews, research the app and use antivirus software to scan the apps before you open them.
Trojan Security Threat
According to ESET, these apps are sophisticated, target banking applications on your phone after it’s installed, unlike apps that impersonate legitimate banks. ESET discovered this malicious software was disguised as battery managers, device cleaners and horoscope apps on Google Play Store.
It was a complex malware campaign that relied on stealth. Where past malware apps used fake login screens, these group of apps allowed hackers to send and receive texts on a device where any of the above-listed apps were downloaded. This allowed them to bypass multifactor authentication, the protocol that protected internet banking data on mobile devices.
Once in, the hackers downloaded additional apps of their choice to impersonate the user. The ability to receive and send text from a user’s device gave them access to a user’s web accounts. They could implicate social media accounts logged in on the compromised device.
How does the app work?
Once you launch the app, an error message comes up on your screen. It claims the app was removed because it was incompatible with your device. Sometimes it functions normally or hides from view. The app can then access your device and steal sensitive information like your banking details. It’s for this reason it can be helpful to use a banking service which comes with an app, like B, so that you can easily track your spending and spot if there is anything amiss quickly.
ESET advised Android users on how to stay safe. These banking Trojans are not using advanced tricks on affected devices. If you suspect that you have one or more of these apps on your phone, simply uninstall them using the Application Manager feature under the Settings function of your device.
Android users are also advised to change their online banking passwords and social media account passwords. Obtain a statement of account from your bank to check for fraudulent activities.
In the future, check app ratings, the number of downloads and read reviews before downloading an app. Check what permissions you grant an app before installation. Do not download third-party apps from outside Google’s Play store.