App disguised as currency converter found stealing banking credentials
A seemingly legitimate currency converter app has been caught stealing banking credentials from Android devices. The app installed a hidden trojan and phished users into entering the passwords for their internet banking accounts. It was available on the Google Play Store with more than 500 downloads but has since been removed from the platform. Here are more details.
How did the app install the hidden trojan?
The malicious app, first flagged by security researcher Lukas Stefanko, went by the name 'Easy Rates Converter'. It worked just like any other converter (leading users into thinking it was legitimate) but also downloaded a trojan, titled 'Update Flash Player', in the background. This malware then sought installation and device administration permissions (which unsuspecting users would have given) to entrench itself on the device.
Then, the malware waits for the right opportunity
As Stefanko demonstrated, after installation, the trojan sits quietly, waiting for the user to open a banking app. Once that happens, it springs into action and creates a copy of the legitimate app. The fake app overlays the real one and presents a very similar login page, asking the user for login credentials. If entered, the details are sent to the phishers' servers.
In the test, the malware created a fake CommBank app
In the video demonstrating how the malware works, Stefanko showed how it created a fake page for the official app of Commonwealth banking. He added that the app took similar actions for Binance, which is one of the world's biggest cryptocurrency exchange desks. Also, the fake app prevented users from switching to the original app and stayed on top.
How to avoid such apps?
Normally, Google flags and removes malicious apps from its platform, but sometimes they can slip through, as on this occasion. However, one can stay clear of such apps by following some basic rules and installing only verified apps with many more installs. Also, checking the ratings and reviews of the app in question can provide additional insights into its functionality and features.
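
For readers who triage apps themselves, the two permission requests described above can be checked in an app's manifest once it has been decoded to text (for example with apktool). The following is an added example, not code from Stefanko or from the apps in question; it assumes the install request shows up as REQUEST_INSTALL_PACKAGES and the device administration request as a device admin receiver, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

def audit_manifest(xml_text):
    """Return a list of findings for a text-form AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    if INSTALL_PERM in perms:
        findings.append("can prompt the user to install other APKs")
    for receiver in root.iter("receiver"):
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        # A device admin component is a receiver guarded by BIND_DEVICE_ADMIN
        # that listens for the DEVICE_ADMIN_ENABLED broadcast.
        if receiver.get(A + "permission") == ADMIN_PERM and ADMIN_ACTION in actions:
            findings.append("device admin receiver: " + receiver.get(A + "name"))
    return findings

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed samples, not taken from the real apps.
CONVERTER = f"""<manifest {NS} package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="{INSTALL_PERM}"/>
  <application android:label="Rates"/>
</manifest>"""

PAYLOAD = f"""<manifest {NS} package="com.example.update">
  <application android:label="Update">
    <receiver android:name=".AdminReceiver" android:permission="{ADMIN_PERM}">
      <intent-filter><action android:name="{ADMIN_ACTION}"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = f"""<manifest {NS} package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Calc"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("converter", CONVERTER), ("payload", PAYLOAD), ("benign", BENIGN)):
        print(name, audit_manifest(xml))
```

A simple utility such as a currency converter has no obvious need for either capability, so a finding here is a reason to look closer rather than proof of malice.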