ID-stealing cloned banking app found on Play Store
A cloned banking app which steals user login credentials has been discovered on the Play Store this week. Mobile security company Lookout discovered the app and informed Google, which immediately removed it.
The malware, called BankMirage, targets the customers of an Israeli bank called Mizrahi Bank -- the fourth largest in the country. The authors of the app placed a wrapper around the bank's legitimate app and redistributed it on the Google Play store, pretending to be the financial institution.
Once opened, the app displays a login form which siphons off the user's ID as it's entered, in a classic phishing attack. Oddly, though, it captures only the ID and not the password. Once it has the ID, the app returns a message to the user saying that the login failed and telling them to reinstall the legitimate banking app from the Play Store instead.
Banking malware is, so far, less common in the US than it is in Europe and the Far East. Korean malware PlayBanker, for example, pretends to be Google Play and sends out push notifications to lure victims into downloading rogue banking apps. Another piece of malware, BankUn, checks for the presence of eight major, legitimate Korean banking apps and then attempts to replace them with rogue ones.
The problem with an app finding its way onto the Play Store is that turning off Unknown Sources on your phone isn't going to protect you. Lookout recommends that you be wary if apps you want to download have duplicates, as this may indicate illegitimate copies, and that you have an up-to-date app scanner on your device.