Google Play Store Expels Fraudulent Bank Apps

rated by 0 users
This post has 8 Replies | 2 Followers

Top 10 Contributor
Posts 24,858
Points 1,115,560
Joined: Sep 2007
ForumsAdministrator
News Posted: Sat, Dec 15 2012 11:44 AM
When you download that banking app to your tablet or smartphone, do you ever wonder if it’s legitimate? Security software publisher Kaspersky Lab recently found some fake banking apps on the Google Play Store, which Google promptly removed upon being alerted. The fraudulent apps are for Russian banks in this case.
 

This Russian app is a Trojan that can steal a user's bank login info. Stunningly, it wasn't getting a very good average rating in the Play Store before it was removed. Image Credit: Kaspersky

The apps that were found in the Play Store on December 12th (and deleted on December 13th, after Kaspersky contacted Google) were downloaded numerous times, suggesting that the apps likely snagged bank login information from several victims. The apps are fairly sophisticated and require multiple interactions with the victim to retrieve the login information. You’ll be looking at a screen that looks legitimate, but is asking to you to send your mobile phone number to a server that doesn’t belong to the bank. SMS messages are also used as part of the scam.

Despite the safeguards companies like Amazon, Apple, and Google put in place, app stores still sometimes accept apps with dubious or malicious purposes. Most of the time, a little caution and commonsense are all you need to stay safe, but with fake app developers getting sophisticated, it’s going to get harder to tell real apps from malware – a Netflix fake being a prime example.
  • | Post Points: 65
Top 100 Contributor
Posts 1,016
Points 10,925
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Sat, Dec 15 2012 12:36 PM

This is scary, I know it's in Russia were hacking like this is a little bit more prevalent and maybe easier to get away with a Fraudulent app since Google is primarily centered in the U.S. and clearly wouldn't have as much knowledge about banks in Russia but the fact they still managed to get into the App store is scary.

Combine this new with the results of the Antivirus testing of Android earlier are giving it an image of being overly vulnerable.

It's also sad news to hear a few people were duped and that the application was authentic and complex enough to not only trick a couple users but Google as well

  • | Post Points: 35
Top 150 Contributor
Posts 756
Points 7,635
Joined: Nov 2012
Location: Dallas, Tx
Dorkstar replied on Sat, Dec 15 2012 7:25 PM

This isn't going to stop unless you want to limit the amount of applications available to your consumers, and obviously no one wants to do that.  People just need to be more aware of what they are downloading, phishing is getting incredibly sophisticated.

 I remember in my AOL days, I always had a pop-up that said incorrect password, which was odd because my password was saved.  So every time it came up I'd just mash the keyboard and it would connect anyways.  After a few days I noticed during one of the log ins that my e-mail flashed up for half a second.  The next day I got a e-mail saying that the e-mail address I was attempting to contact was not a valid e-mail address.  So naturally I went to Hotmail, made the e-mail account that the passwords were being sent to, and by the 5th day I had 100's of AOL login names and password.  

  A short discussion with my neighbor reminded me of the possible legal issues with owning the e-mail address related to the password capturing program.  So I let the e-mail die out and continued on with my life.

  • | Post Points: 5
Top 10 Contributor
Posts 8,430
Points 102,120
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sat, Dec 15 2012 8:35 PM

I think that Google should take the time to verify the Apps on their store's pages. If we can't trust them to do so, why use them at all?

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

  • | Post Points: 5
Top 200 Contributor
Posts 385
Points 3,845
Joined: Jun 2011
RTietjens replied on Sat, Dec 15 2012 9:05 PM

@Osunday - Firstly, this isn't hacking; it's simple social engineering, that is, using greed and stupidity against the greedy and stupid to remove their funds (if any).

Secondly, the "antivirus testing of Android" was conducted by paid flunkies of Apple and Microsoft. What sort of results would you expect them to report?

Simple caution, and a small amount of common sense, keep Android users safe, for the most part. If you think you can get free porn with a free app, you're a moron, and you'll get fleeced. You should have an iPhone instead.

  • | Post Points: 35
Top 100 Contributor
Posts 1,016
Points 10,925
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Sat, Dec 15 2012 11:40 PM

Users are always the most vulnerable aspect of any system regardless of whether its Android, iOS or any other platform, caution and common sense are the greatest deterrent to exposed vulnerabilities.

and by "hacking" I didn't mean the literal technical term, what you said was more accurate since this is infiltration by social engineering and not literally breaching the banks security system and accessing things without the authority too . I'll try and be clearer with terminology in the future

  • | Post Points: 5
Top 500 Contributor
Posts 90
Points 580
Joined: Sep 2012

how does any one know? if they allowed it on the site to be sold it looks more like they failed at the acceptance part of the App process. This looks more bad for google then it does for the bad guys...

  • | Post Points: 5
Top 10 Contributor
Posts 8,430
Points 102,120
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Mon, Dec 17 2012 1:35 PM

RTietjens:
for the most part. If you think you can get free porn with a free app, you're a moron, and you'll get fleeced.

If you want porn to begin with, (free or otherwise) you need to work on getting a life,...............Smile

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

  • | Post Points: 20
Top 100 Contributor
Posts 1,016
Points 10,925
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Mon, Dec 17 2012 2:11 PM

*Tsssss*

HotHardware's Hot Burning burn of the month.
Lol 

  • | Post Points: 5
Page 1 of 1 (9 items) | RSS