A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users' device data and messages, which were later leveraged in smishing schemes.

Advertised as "Movil Secure," the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend Micro researchers three days later, available for download on Google Play.

Shortly thereafter, Google removed Movil Secure in addition to three more apps from the same developer with the same malicious functionality, Trend Micro reported in a company blog post today. The three other apps falsely claimed to be affiliated with Spanish banks Evo and Bankia, as well as Compte de Credit, which Trend Micro says isn’t connected to any large financial institution.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.