The official Google Play app store has again been found harboring malicious apps, this time fake banking apps that steal credit card credentials and other banking information.
The attackers behind these apps are targeting the customers of three Indian banks by promising to increase credit card limits. Instead, those who download the app are likely to have their payment card information and internet banking credentials taken when they fill out fake application forms, ESET said in a report.
Making matters worse for the victims, ESET discovered, is that their information is also leaked online, in plain text, via an exposed server.
The fake apps, which were on Google Play between June and July 2018 and have since been removed, were traced back to a single attacker. They were the same malicious app uploaded three separate times, each using a different bank name: ICICI Bank, RBL Bank or HDFC Bank.
The information-stealing aspect of the operation is also very straightforward. The victim is presented with a form asking for names, credit card numbers, expiration dates and CVV. Once this form is submitted, the victim is taken to another screen and asked for banking login credentials. When the second form is submitted, the victim is told a “customer service executive” will soon be in contact.
The app offers no other functionality.
“The data entered into the bogus forms is sent in plain text to the attacker's server. The listing of the stolen data on that server is accessible to anyone with the link, without requiring any authentication. For the victims, this amplifies the potential damage, since their sensitive data is not only at the attacker's disposal, but potentially available to anyone who comes across it,” ESET said.