Apps
How to Stay Safe From Fake Finance Apps on Google Play
Written by Lukas Stefanko, Malware Researcher at ESET
Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.
Figure 1 – Six of the malicious apps found on Google Play
The malicious fakes were uploaded to Google Play in June 2018 and were installed more than a thousand times before being taken down by Google. The apps were uploaded under different developer names, each using a different guise, however, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected.
The sole purpose of these malicious apps is to obtain sensitive information from unsuspecting users. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps. The full list of targeted banks and services can be found at the end of this article.
How do the apps operate?
While the apps don’t follow one common procedure, upon launch they all display forms requesting credit card details and/or login credentials to the targeted bank or service (examples can be seen in Figure 2). If users fill out such a form, the submitted data is sent to the attacker’s server. The apps then present their victims with a “Congratulations” or “Thank you” message (an example can be seen in Figure 3), which is where their functionality ends.
Figure 2 – Bogus forms phishing for credit card details and internet banking login credentials
Figure 3 – Final screen displayed by one of the malicious apps
How to stay safe
If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall them immediately.
Also, change your credit card pin codes as well as internet banking passwords and check your bank accounts for suspicious activity. If there have been unusual transactions, contact your bank. Users of the Bitpanda cryptocurrency exchange who think they have installed the fake mobile app are advised to check their accounts for suspicious activity and change their passwords.
To avoid falling victim to phishing and other fake financial apps, we recommend that you:
- Only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service
- Only download apps from Google Play; this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play
- Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play
- Only enter your sensitive information into online forms if you are sure of their security and legitimacy
- Keep your Android device updated and use a reliable mobile security solution; ESET products detect and block these malicious apps as Android/Spy.Banker.AIF, Android/Spy.Banker.AIE and Android/Spy.Banker.AIP
Targeted banks and services
Australia and New Zealand
Commonwealth Bank of Australia (CommBank)
The Australia and New Zealand Banking Group Limited (ANZ)
ASB Bank
The United Kingdom
TSB Bank
Switzerland
PostFinance
Poland
Bank Zachodni WBK (renamed to Santander Bank Polska SA in September 2018)
Austria
Bitpanda
IoCs
Package name | Hash | Detection |
cw.cwnbm.mobile | 651A3734103472297A2C65C81757FB5820AD2AB7 | Android/Spy.Banker.AIF |
au.money.go | DE09F03C401141BEB05F229515ABB64811DDB853 | Android/Spy.Banker.AIF |
asb.ezy.pay | B6D70983C28B8A0059B454065D599B4E18E8097C | Android/Spy.Banker.AIF |
uk.mobile.tsb | 91692607FB529218ADF00F256D5D1862DF90DAAF | Android/Spy.Banker.AIF |
ch.post.finance | FE1B2799B65D36F19484930FAF0DA17A0DBE9868 | Android/Spy.Banker.AIF |
pl.mblzch | C43E7A28E1B807225F1E188C6DA51D24DCC54F5F | Android/Spy.Banker.AIE |
www.bit.panda | 7D80158C8C893E46DC15E6D92ED2FECFDB12BF9F | Android/Spy.Banker.AIP |
Apps
Yango Maps Launches Live Public Bus and Marine Transport Tracking in Dubai
Yango Maps, the popular navigation app, has introduced a significant upgrade for Dubai users. The app now offers real-time tracking of public buses and marine transport, providing a more efficient and convenient commuting experience.
Thanks to the Roads and Transport Authority (RTA)’s open data policy, Yango Maps can now display accurate and up-to-date locations of public transportation vehicles. By switching to the “Transport” tab, users can easily view the real-time movement of buses and ferries on the map.
The app also allows users to search for specific bus numbers and view their routes, stops, and estimated arrival times. This feature is particularly useful during peak hours or in extreme weather conditions, as it helps users plan their journeys efficiently and avoid unnecessary waiting.
Yango Maps continues to evolve with innovative features that aim to simplify urban navigation. By incorporating real-time public transport data, the app empowers users to make informed decisions and optimize their daily commutes.
Apps
PetWatch App Launches in the UAE
Today marks the official launch of PetWatch, a revolutionary app designed to cater to the soaring number of pet owners in the UAE. As pet ownership has surged by 25% in the last five years, PetWatch emerges as a solution to the growing demand for reliable pet care. By connecting pet owners with certified sitters, PetWatch fosters a community-driven approach to ensure the well-being of furry friends.
A recent PetWatch survey underscored the concerns of pet owners, with over 68% expressing doubts about the reliability of pet sitters. To address these concerns, PetWatch has implemented a stringent vetting process for all sitters on its platform. Each sitter undergoes rigorous training and certification to guarantee they meet the highest standards of pet care, providing pet owners with peace of mind.
“PetWatch was created out of a genuine need among pet owners. We understand the worries that arise when leaving a beloved pet behind,” said Monja Madan, Founder of PetWatch. “Our platform connects pet owners with trusted sitters and builds a community where pets are cherished as family. With love, trust, and safety at its core, we strongly believe PetWatch app will reform pet care in the UAE.”
PetWatch stands out with its commitment to quality and community. Here’s why:
- Certified Caregivers: Every PetWatch sitter completes our rigorous training program, ensuring they have the skills to provide exceptional pet care.
- Thorough Vetting: Our team personally verifies each sitter, including ID checks and in-person meetings, building trust between owners and sitters.
- Continuous Learning: Our sitters learn from professional vets and dog trainers, gaining hands-on experience and preparing them for any pet situation.
- Dedicated Support: PetWatch offers daily customer support, providing owners and sitters with expert advice and resources.
Other features include:
- Personalized Profiles: Create detailed profiles for your pet and sitter to find the perfect match.
- Vaccination Management: Track vaccination records and receive reminders for upcoming shots.
- In-App Communication: Chat, share photos, and stay connected with your sitter.
- GPS Tracking: Monitor your pet’s location for added peace of mind.
- Comprehensive Checklist: Ensure all pet care needs are met with customizable checklists.
- Easy Payments: Handle transactions seamlessly within the app.
PetWatch addresses common concerns like trust and time constraints. By connecting owners with certified sitters, offering personalized features, and fostering a supportive community, PetWatch ensures your furry friend is always in the best hands. “By combining certified expertise with robust community engagement, PetWatch empowers pet owners and sitters alike,” added Madan. “PetWatch represents more than just a platform; it’s a movement toward a better way to care for our pets.”
To further enhance the pet care experience, PetWatch is expanding its platform to include health-tracking tools and educational resources. This will empower pet owners with valuable information about their pet’s health and behaviour.
Apps
Google Photos Upgrades with AI Video Editing
Google Photos, the popular photo and video management service, has announced a significant update to its mobile video editor. The redesigned editor aims to simplify the video editing process and make it more accessible to users of all skill levels.
The new video editor interface places key editing tools front and centre, making it easier for users to access and utilize features like muting, enhancing, adjusting speed, stabilizing, and exporting frames. Additionally, the trim tool has been improved with more precise controls, allowing users to cut footage with greater accuracy.
One of the most notable additions to the video editor is the introduction of AI-powered video presets. These presets offer a variety of editing options, including basic cuts, slow-motion effects, zooming, and dynamic motion tracking. By applying these presets, users can quickly and easily create professional-looking videos without extensive editing knowledge.
Google has begun rolling out these improvements to Google Photos, but a specific timeline for the update has not been provided. You are encouraged to check your app regularly for new features to become available.