Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Phishing, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Spyware disguised as Spanish banking apps removed from Google Play


A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users' device data and messages, which were later leveraged in smishing schemes.

Advertised as "Movil Secure," the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend Micro researchers three days later, available for download on Google Play.

Shortly thereafter, Google removed Movil Secure in addition to three more apps from the same developer with the same malicious functionality, Trend Micro reported in a company blog post today. The three other apps falsely claimed to be affiliated with Spanish banks Evo and Bankia, as well as Compte de Credit, which Trend Micro says isn’t connected to any large financial institution.

Downloaded over 100 times, Movil Secure purported to provide BVVA customers with a mobile banking token service for identity management and transaction authorization purposes. But in reality, the app gathers a device's SMS messages and associated phone numbers, as well as identifying data (device ID, OS version and country code), before sending that information to a command-and-control server.

"This type of information is quite valuable -- SMS is often used by mobile banking apps to confirm or authorize banking transactions," wrote blog post author Echo Duan, mobile threat response engineer at Trend Micro.

Trend Micro reported that the scammers were caught using this data for an SMS-based phishing campaign, with at least one commenter in the app's reviews section complaining that the app targeted his or her bank card.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.