The report claims these apps all utilise the same process:

1. Once the app is downloaded and launched a form appears which asks the user to fill in credit card details (including credit card number, expiry date, CVV and login credentials)
2. Once the form is completed and submitted a pop up customer service box is displayed
3. The pop up box thanks users for their interest in the bank and indicates a ‘Customer Service Executive’ will be in contact shortly
4. In the meantime, no representative makes contact with the customer and the data entered into the form is sent back to the attacker’s server – IN PLAIN TEXT.

The ESET report alarming revealed that the listing of stolen data on the attacker’s server is accessible to anyone with the link to the data, this means sensitive stolen personal data was available to absolutely anyone who happens to comes across it.

Whilst, the reality is any app on your personal smartphone may place your phone and personal data at risk, (as discussed here ‘Research Reports say risks to smartphone security aren’t phoney‘)

Customers can mitigate risk by:

• only using their financial institutions official banking apps, these are downloadable from the relevant institution’s official website;

• paying attention to the ratings, customer reviews when downloading from Google Play;

• implementing security controls on your smartphone device from a reputable mobile security provider; and

• contracting their financial institution directly to seek further guidance on the particular banking apps in use.

It cannot be overlooked, whilst Google Play moved quickly to remove the apps we query how it was so easy for cyber criminals to launch fake apps on Google Play in the first place.

Copyright 2018 K & L Gates.

This post was written by Cameron Abbott  and Jessica McIntosh of K & L Gates.

Read more stories like this on the National Law Review’s Cybersecurity legal news page.

The post Fake Apps Find Their Way to Google Play! appeared first on The National Law Forum.