Researchers at IT security firm ESET have warned of the emerging threat of fake banking apps.

Research on the malware landscape for Android operating systems found that that cyber criminals have developed mobile banking malware that impersonates legitimate finance apps to obtain victims’ credentials, before stealing money from their bank accounts.

The analysis said that “while technically far from advanced”, these banking apps, which overlay mobile app platforms, have strategic advantages for criminals, meaning they are almost as effective at more sophisticated “Trojan horse” forms of malware hacks aimed at stealing money from unsuspecting consumers.

If users fall for the impersonation and install a fake banking app, there is a high chance they will treat the login screen displayed by the app as legitimate and submit their credentials, the researchers found.

Furthermore, contrary to banking Trojans, there are no intrusive permission requests to raise the users’ suspicion after installation.

Lukáš Štefanko, ESET malware researcher, said: “Our analysis of the two types of banking malware - both of which have previously been discovered in the official Google Play store - has shown that the simple operation of fake banking apps comes with certain advantages that the feared banking Trojans don’t have.

“While banking Trojans have long been regarded as a serious threat to Android users, fake banking apps have sometimes been overlooked due to their limited capabilities,” he concluded, adding that these apps could be just as valid a strategy for “emptying bank accounts as banking Trojans”.

Share Story: