Malware on Android Apps Targets Bank Account Info

Fake login screens overlay the original banking screen. They are triggered when the application is launched and close after the user fills in their personal data. Image from a report by Security Week, 3/10/16.

We work hard to keep you abreast of all the latest ways hackers and digital robbers are trying to steal your identity and your money. The latest is APP-alling in our opinion.

Sitting innocently on Google Play are about a dozen apps that imitate banking and payment apps and are designed to get you to download them. The mobile banking applications targeted by the malware include those from Commonwealth Bank and Wells Fargo. The issue of hacker apps isn’t new (at least in tech years). The issue is that Android consumers generally expect Google Play to be a safe location to download apps from, which makes these fake apps that much more dangerous.

According to the Huffington Post, “Google does scan apps for security concerns before making them available to users, but bad actors have found ways to worm around the checks.”

Further complicating data security for Android consumers, ITWire reports that Android’s recent API modifications to allow adware may have allowed malware to sneak in. According to the report, “These threats function by learning what application is operating in the foreground, pushing it to the background, and then pushing a fake lookalike screen to the foreground. This screen looks like a banking application and is used to steal victims' information.”

Even if the malware slips through, it still needs the consumer to give it permission to take over. Hackers intentionally use information and brands familiar to individual consumers to get them to lower their shield just enough for the malware to sneak in. This Trojan Horse approach to manipulating human nature is called “social engineering,” and it’s well worth reading our recent blog, “Social Engineering: Bad People Tricking Good People,” to fully understand how integral it is to data security susceptibility.

One of the most consistent ways to spot a bad app (or email) is to look for spelling errors, bad grammar, etc. If something doesn’t look right – or if your gut tells you something is off – don’t download the app and don’t give an app permission to access your data, as it could contain malware.

As always, we will continue to monitor the tech news for the latest tricks so that you’re educated on what to look for. At Sinu, we want you to be well educated in data security because all the walls in the world won’t protect you if you open the door to the wrong person by accident.

For more information about how to keep your data safe, download our whitepaper: Oh, the Humanity! The Role People Play in Data Security.