Attackers Using Phishing Apps to try to Steal Credentials to Popular Mobile Payment Platforms

As mobile payment platforms become more popular, scammers are taking notice to this uptick in digital currency exchange. Fake Android apps have been discovered on the Google Play Store that pose as popular mobile payment platforms.

Researchers from security firm PhishLabs discovered 11 of these phishing applications since the beginning of 2016 hosted on the Google Play store.

The scam works by displaying fake webpages designed to look like legitimate pages, however, these webpages are launched inside the app, allowing the attackers to hide the actual web address of the webpage, leaving users with no real way of verifying the validity of the site.

These fake webpages will display various pages asking for log in credentials, and sometimes will seek additional information under the guise of updating security questions. Once sufficient data has been collected by the app, it will then display an error message to the user stating that the username and password combination was incorrect or some other error.

After the malware has collected and sent all the information it is after, it presents the user with an error message claiming that either the username and password combination was wrong or some other similar error.

 

How to Stay Protected:

Luckily, there are many ways to stay protected from this threat. Norton Mobile Security detects this threat as Android.Fakebank.

  • It is important to realize that when third parties report these fake phishing apps to Google, it may take several days for the apps to be removed from Google Play. This is a good reminder to always be diligent when selecting apps to download, no matter what their source.
  • Additionally, most legitimate digital payment companies provide links to their apps from their official website. It is advised for users interested in one of these apps to go to the app’s legitimate webpage, and download the app from the site.

 

If you think that you have been compromised with one of these apps, you should immediately delete the app from your phone, and then go to the website in question via a web browser, and change your login credentials.