Written by Lukas Stefanko, Malware Researcher at ESET
Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.
Figure 1 – Six of the malicious apps found on Google Play
The malicious fakes were uploaded to Google Play in June 2018 and were installed more than a thousand times before being taken down by Google. The apps were uploaded under different developer names, each using a different guise, however, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected.
The sole purpose of these malicious apps is to obtain sensitive information from unsuspecting users. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps. The full list of targeted banks and services can be found at the end of this article.
How do the apps operate?
While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service (examples can be seen in Figure 2). If users fill out such a form, the submitted data is sent to the attacker’s server. The apps then present their victims with a “Congratulations” or “Thank you” message (an example can be seen in Figure 3), which is where their functionality ends.
Figure 2 – Bogus forms phishing for credit card details and internet banking login credentials
Figure 3 – Final screen displayed by one of the malicious apps
How to stay safe
If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall them immediately.
Also, change your credit card pin codes as well as internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.
To avoid falling victim to phishing and other fake financial apps, we recommend that you:
- Only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service
- Only download apps from Google Play; this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play
- Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play
- Only enter your sensitive information into online forms if you are sure of their security and legitimacy
- Keep your Android device updated and use a reliable mobile security solution; ESET products detect and block these malicious apps as Android/Spy.Banker.AIF, Android/Spy.Banker.AIE and Android/Spy.Banker.AIP
Targeted banks and services
Australia and New Zealand
The United Kingdom
Bank Zachodni WBK (renamed to Santander Bank Polska SA in September 2018)
UAE Entrepreneurs Launch Private Messaging App
UAE-based entrepreneurs have launched a private messaging app, which enables users to send voice and written messages that disappear as soon as they are sent, read, and played. “The application called Oh!Message, brings users back to the classical period of simple communications tools, but by using the best privacy-enhancing features, to be the first chat application with this high privacy developed in the ME region by Arab expertise,” said Mohammed Othman and Haian Nayouf, the makers of the app.
With this free app, the sent message will disappear from the sender’s account after 10 seconds if it is read by the recipient or not, and it will also disappear from the recipient’s account after 10 seconds of opening or playing it. The message will be destroyed completely within the application and will not be stored on the app servers. Each written message is limited to 100 characters while the audio message is 10 seconds.
“Oh!Message is end-to-end encrypted but it has also other features that make it the most private app among messaging apps,” said Engineer Mohammed Othman, Co-Founder and Chief of Technology at Oh!Message. “In this app, which is available in Apple and Android stores, the user doesn’t appear online while using it, and his/her location is not tracked.”
“The first period of the app launch is in the UAE, the Gulf region, and Arab countries,” said Haian Nayouf, Co-Founder and Chief of Communications at Oh!Message. “The UAE is the capital for talent, companies, and investments in the areas of digital and technical excellence globally, and this has greatly motivated us to work on this project in UAE, and the app is the first of its kind in the Arab world with these strong privacy features.”
Taiwan’s First International Streaming Platform Called Taiwan+ is Now Live
Taiwan Plus (Taiwan+), the first English-language international streaming platform of Taiwan, was unveiled by Vice President Lai Ching-te, Legislative Speaker You Si-kun, Culture Minister Lee Yung-te, Central News Agency (CNA) Chairman Liu Ka-shiang, Taiwan+ CEO Joanne Tsai, and H.E. Ambassador Jasmine E. Huggins of Embassy of Saint Christopher and Nevis at the National Taiwan Museum in Taipei on Aug. 30.
Targeting an English-speaking audience, Taiwan+ consists of media professionals from the U.S., the U.K, Canada, France, and Australia, as well as local industry professionals, who work collaboratively to deliver the latest news about Taiwan, international affairs, and covers a wide range of topics. The platform also sources stories from Taiwan’s public and private media organizations.
Golden Melody-award-winning singer Sanpuy Katatepan Mavaliyw opened the event with a music performance. Held with COVID-19 prevention measures in place, the event was joined by representatives including Izumi Hiroyasu from Japan, Jordan Reeves from Canada, Andrew Wylegala and Don Shapiro from the U.S., and Henry Chang and Giuseppe Izzo from Europe.
H.E. Ambassador Jasmine E. Huggins of the Embassy of Saint Christopher and Nevis in Taiwan said the international video platform is expected to connect Taiwan with the world. President Tsai Ing-wen expressed her pleasure to join the launch of Taiwan+ with a video message, saying “Taiwan+ is an exciting new initiative to tell Taiwan’s story. Generations of Taiwanese fought to transform this country into a vibrant democracy that protects freedom of speech and expression.”
Premier Su Tseng-chang wished the platform success. He stressed that Taiwan is a democratic and free country guided by the rule of law, and cares about universal values of human rights, freedom of speech, and diversity, noting that this is why many countries are willing to make friends and do business with Taiwan. Vice President Lai said, “I hope that the platform can be the starting point from which the world learns about what Taiwanese people think and want, what Taiwan is doing, and what we can contribute to the world.”
Legislative Speaker, You noted that, with China’s intimidation and political oppression against Taiwan, the establishment of Taiwan+ allows Taiwan to tell its stories to the world through its voices. Taiwan+, a project commissioned by the Ministry of Culture to the CNA, marks an important milestone in the country’s history of mass media, Minister Lee said. He expressed his gratitude to legislators and professionals for making this happen.
“I hope to make this platform a form of expansion, connection, and infinite possibilities, just like how Taiwan incorporates ethnic, cultural and linguistic diversity, and introduce Taiwan to the world through dynamic storytelling and news,” said Tsai, a senior media professional with over 25 years of experience in international media outlets, such as NBC/CNBC, National Geographic, and Fox International Channels.
The content of Taiwan+ can be played on the Taiwan Plus app or viewed on its website and social media platforms, such as Facebook, YouTube, Twitter, and Instagram.
“Selfdrive” Launches Smart Mobility App
Selfdrive, an entity of Pinewoods Tech Serve, has launched an all-in-one Smart Mobility App. The app is serving as a game-changer for the car rental space offering its users a seamless, reliable, and convenient mechanism to rent a car on demand. The cutting-edge mobile app provides direct access to dealership fleet to its users, allowing them to rent a car by the day, subscribe by the month, or lease a car up to 3 years, offering complete flexibility in booking duration.
The company to date has served over 50k customers and witnessed a 30% MoM growth in customer base in the past six months. The app is built on a proprietary tech foundation concept, Search – Select – Pay, that uses machine learning and artificial intelligence to match customers’ profiles with the cars that they would like to drive, making the selection process and renting a car absolutely seamless experience.
This app is available to download on Android and iOS, which offers users the option to select from 65 different car models across 15 different car brands from 45 different locations in the UAE within three hours. Some of the key brands available to rent are Nissan, Toyota, Mitsubishi, Renault, Mazda, Infinity, Volkswagen (VW), BMW, and many more.
Speaking about the launch of its app, Soham Shah, CEO, and Co-Founder of Selfdrive said, “As one of the largest car rental service providers in the UAE, we strive to offer exceptional service to our customers every step of the way. We bring together exclusive offers on the app starting from AED 49 per day and AED 999 per month. That’s not all, with the launch of ‘Lease Pro’ in this app, users can now rent a brand new ‘Zero Km’ car under its 12 – 24 – 36 months subscription that would be exclusively registered on demand by the car dealer.”
“The smart mobility platform is a testament of our commitment to curate best deals on cars direct from the dealership, whilst making it possible for anyone to rent a car on demand and get it delivered too. This alleviates the hassle of going through multiple car rental agencies to find the best car models and rates on offer,” added Shah.
The Car rental market accounted for $86 billion in 2020 and is expected to reach $131 billion by 2026, projecting a CAGR of about 7% during the forecast period. Selfdrive launched in 2017 is the UAE’s largest car rental tech platform that has crossed 2000 cars on road.
Review: Corsair Sabre RGB Pro Wireless Mouse
As part of its Champion Series, Corsair announced its latest Sabre RGB Pro Wireless Mouse on the market today. The...
Review: EZVIZ C8C Outdoor Smart IP Security Camera
Ever since people started working from home, there has been an increased demand for home security solutions such as security...
Review: ASUS ROG Zephyrus G14 Alan Walker Edition
We reviewed the new ASUS ROG Zephyrus G14 (GA401Q) way back in June 2021. This is a 14-inch laptop that...
Review: Viewsonic ID1330 ViewBoard Pen Display
Over the past couple of years, a lot has changed about how we work and learn. With educational institutes being...
Review: ASUS Mini PC PB62
The new ASUS Mini PC PB62 is a powerful mini PC aimed at a wide range of business applications such...