The fake apps on the Google Play store have targeted the customer of six banks including two of Australian’s largest lenders by stealing their personal details, said Security firm. The fake apps which look very official had been downloaded over a thousand times since they were uploaded to the Google Play store in June, informed Slovakian-based security software firm ESET.
Along with Australia’s Commonwealth Bank and Australia and New Zealand Banking Group, banks in Britain, New Zealand, Switzerland and Poland were targeted, the firm said in a blog post.
The scheme was likely to have been the work of a single attacker, it added. The banks’ own apps and systems were not compromised.
“These groups are involved in phishing, obtaining your log-in credentials for your bank, or your credit card information and in some cases both,” ESET researcher Nick Fitzgerald told Reuters from Christchurch in New Zealand on Thursday. The fake app asked for log-in credentials and credit card details from customers tricked into believing they were using an official service offered by their bank.
A Google spokeswoman refused to respond to questions about the scam, saying the company did not comment on individual apps.
After submitting the data to the attacker’s server, the app would display a message that reads “Congratulations” or “thank you” and end.
A spokeswoman for Auckland Savings Bank, which is owned by Commonwealth Bank, said “No customers lost money as a result of this issue,” ESET hasn’t disclosed the exact number of people who had been affected by the scam.
As reported by Perth now, the fraud was part of an international effort which also targeted banks in Britain, Poland, Switzerland, and New Zealand.