Atypical cloned banking app pops up on Google Play
Posted on 25.06.2014
An unusual cloned banking app has been spotted on Google Play by Lookout researchers: the app steals only the user's ID and leaves the password alone.

The creators of the app took the legitimate app of the Israel-based Bank Mizrahi-Tefahot and put a "wrapper" around it, so that when the app is started, it loads a login form asking for the user's ID and password.

It is definitely a phishing attempt, but a very curious one, as only the ID is sent to the app authors. It's also interesting to note that the authors themselves confirm this unusual move in a comment in the app's code.

"Once the user ID is stored the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store," the researchers noted.

My pet theory about this case is that the bank itself might have cloned the app in order to teach users a lesson in security, but who knows?

In any case, the researchers have some advice for users to avoid similar schemes in the future: if you see a duplicate of the app you’re trying to download, one might not be legitimate.

Also, using a mobile security solution is a good idea, especially because Google still can't manage to block all potentially malicious apps from ending up on Google Play.

UPDATE: My theory has been shot down by Jeremy Linden, Senior Security Product Manager at Lookout.

"Mizrahi Bank did not create the cloned app. Indeed, the bank informed us that they were not aware of the malware as we were working to get it removed from the Google Play store. It's very unlikely that a company would build a piece of malware, violate Google's terms of service, and secretly take user information to teach their customers a lesson," he told Help Net Security.

"It's definitely curious that the malware authors would only take the usernames and not the passwords. We're unsure as to why this was the only information collected, but it could be that the malware authors were testing the functionality," he added.








