It appears that saboteurs, who slipped a malicious app into the Google Play store, were testing their malware out on unsuspecting users, researchers found.
The malware, called BankMirage, masqueraded as a legitimate banking app for customers of Mizrahi Bank in Israel. After going undetected a few days in the official app store for Android users, however, researchers at security firm Lookout became privy to the scheme.
Once users downloaded BankMirage, it loaded an in-app login form designed to steal victims' user IDs, the blog post said.
In a Wednesday interview, Jeremy Linden, senior security product manager at Lookout, told SCMagazine.com that miscreants may have been experimenting with the malware's features– which could explain why users' passwords were not up for grabs.
“One possibility is they were testing [the malware] functionalities, and they were going to then add the actual malicious functionality,” Linden said.
He added that, in this instance, user IDs for the app were not email addresses, a scenario which may have presented an opportunity for future phishing attacks.
Lookout alerted Google of the malicious app last Thursday, Linden said.