This is not new, but, of late we see that another set of dangerous apps has made its way into the official Google Play store. The banking apps or merely referred to dangerous apps by the consumers as it claims to raise the credit card limit for users of three Indian banks.
The malicious applications hunt for banking information, net banking credentials, and credit card details utilizing the bogus forms. What’s even worse, the data stolen from the victims is leaked online, in plain text, via an exposed server.
In between the months of June and July 2018, the fake apps were uploaded onto Google. The ESET hinted Google and it quickly reacted by pulling it out, however, the fake apps had already been installed on hundreds of devices.
Three different developer names were used to upload the applications and each of it impersonated a different Indian bank. Nevertheless, all the 3 dangerous apps were traced back to a single attacker.
How Do These Apps Work
As the apps were developed by the same person, they tend to follow the same procedures too. After launching, a form prompts on the screen demanding for the user Credit Card details as seen in the below image.
When the user completes filling out the form and hits the “Submit” button, the next stage of the scam starts asking for the internet banking login credentials as seen in the below image. On the flipside, all fields are marked as “required” (*), but still, they can be successfully submitted empty. The perfect indicator that it is not authentic.
Keep navigating on the screens without clicking till you reach the third and final screen. A message is showcased, which thanks users for their interest and informs them that a “Customer Service Executive” will be in touch shortly. No one will really call these victims and the functionality of the app stops right here!
In the meantime, the data collected through the fake forms are directed to the plain text of the cybercriminal’s server. The data is available to anyone who has the link and does not ask for any authentication. As for the victims, their banking information is available to anyone which amplifies the potential damage.
How To Better Protect From Such Dangerous Apps Attack
If you realize that you have installed the malicious apps, the first thing to do without wasting a second is to uninstall it ASAP. It is recommendable to frequently change the internet banking passwords and credit card pin to stay safe. If you are unsure of the app then never install it. Besides that, look for details such as the number of downloads, app ratings, and reviews when downloading apps from Google Play.
To better protect, you can use cWatch a perfect protection tool for your website, web servers and web applications against the rising sophistication of hacker threats. For more details visit our official page!
Vinoth Kumar working as a professional writer In cybersecurity. He works specifically on cyber security and cloud computing projects. He was born in Chennai, India June . Since childhood, he has been collecting inspirational paintings, and this is his hobby!