Fake bank apps found on Google Play store
Cybersecurity company ESET has discovered six fake banking and personal finance apps on the Google Play store. The apps had been installed more than 1,000 times in total before being taken down by Google.
ESET believes all of the apps are the work of a single attacker. The apps impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda.
Using bogus forms, the malicious fakes phish for credit card details and login credentials to the impersonated legitimate services. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps.
The full list of targeted banks is:
Australia and New Zealand
Commonwealth Bank of Australia (CommBank)
The Australia and New Zealand Banking Group Limited (ANZ)
Bank Zachodni WBK (renamed to Santander Bank Polska SA in September 2018)
To ensure you don't fall victim to attacks like this, ESET recommends you only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service. Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play, and only enter your sensitive information into online forms if you are sure of their security and legitimacy. You should also keep your Android device updated and use a reliable mobile security solution.