Malicious phishing apps have once again made their way into the Google Play Store, this time imitating six online banks and a cryptocurrency exchange.

ESET researchers spotted fake finance apps impersonating banks from New Zealand, Australia, the U.K., Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda, according to a Sept. 19 blog post.

JPMorgan Chase customers targeted in massive phishing campaign
JPMorgan Chase customers targeted in massive phishing campaign

The malicious apps imitated the Commonwealth Bank of Australia (CommBank) The Australia and New Zealand Banking Group Limited (ANZ), ASB Bank, TSB Bank, PostFinance, and Santander Bank Polska SA (formerly Bank Zachodni).

Although they each operated slightly differently, they all display forms requesting the user to enter their credit card details and/or login credentials to the targeted bank or service  apps then present their victims with a “Congratulations” or “Thank you” message, researchers said.

 The malicious apps all used obfuscation which most likely helped them to bypass Google’s security features.

Despite being uploaded under different developer names, researchers suspect the same group or person is behind the malicious apps and that they were all uploaded in June 2018. They have since been installed more than a thousand times before they were shut down by Google.