Fake Android banking apps may have stolen data of thousands: SophosLabs report

24 Oct, 2018

Fake applications of State Bank of India, ICICI Bank, Axis Bank, Citibank and other lenders, available on Google Play, may have stolen data of thousands of customers in India, claims a report by infotech security firm SophosLabs.

The report further points out that Canara Bank, Syndicate Bank, Axis Bank, Indian Overseas Bank, and Yes Bank are also being targeted. Bank of Baroda is on the radar, too.

“We recently found 12 malicious apps that collected users’ Internet banking credentials and credit card details, some of which have been available for download for, in some cases, more than two years, and had been installed by thousands of people,” wrote Pankaj Kohli, threat researcher, SophosLabs, in a blog post.

Some of these applications disguised themselves as internet banking apps or electronic wallets.

The banks had not responded to messages by the time this report was published.

The study says that the malware author(s) responsible for these apps have published at least 12 different apps since May 2016. All the apps have a similar user interface, a similar code base, and all of them send the leaked information to the same command-and-control server, which suggests a single group behind the campaign.

Many of these apps lured victims into downloading and using them by promising rewards such as cashback on purchases, free mobile data, or interest-free loans, the report added.

Some even claimed to provide a service enabling users to withdraw cash from an ATM and have it delivered to their doorstep.

The report highlighted that some of the apps are blatant copies of real ones, while a few are much more dangerous as they seed malware and steal data from user accounts. Users should always use antivirus software, which provides malware protection and internet security to keep them protected and stop these fake apps from stealing data, the report said.