#ESET has identified a new #malware malware that steers mobile banking customers to counterfeit papers to access credit card information. This malware, labeled "Android / Spy.Banker.AHR", focuses on acquiring card details and internet banking information in fraudulent forms while promising to increase credit card limits.
The #cybercriminals, who have trouble overcoming the banks' security measures, continue to choose ways to deceive #bank customers. The information security organization ESET warned about a new banking trojan targeted at customers of three Indian banks, according to initial findings in this framework.
These #counterfeit banking #applications, which have been able to infiltrate the official #Google Play store, are reaching bankers with promises to raise credit card limits. Fraudulent applications take credit card details and internet banking information through phony forms. Even worse, the data that is stolen from the victims is leaked in plain text via an open server online, which makes the data clear to everyone.
Fraudulent applications were uploaded to Google Play in June and July 2018, and ESET was removed with Google's warning; but by that time they had already been downloaded by hundreds of users. The applications were loaded by three separate developers, each mimicking a different Indian bank; but the evidence shows that the source of the three appliances is based on the same aggressor.
Obtained information makes everyone clear
Meanwhile, the information entered in the fake forms is sent in plain text to the attacker's server. The server that lists the stolen information can be accessed by anyone with the link without any authentication required. This increases the potential for victims, because sensitive information is potentially available to everyone, not just the attacker.
How to stay safe
ESET Security Researcher Lukas Stefanko advises those who have downloaded any of these malicious applications to remove them immediately. "Check your bank account immediately and change your pin code on your credit card, as well as your Internet banking login password," said Lukas Stefanko, a phone user who has not been a victim of phishing attempts.
Only trust mobile banking applications that are linked to your bank's official site.
Never enter sensitive banking information into online forms that you suspect for your safety and legitimacy.
Pay attention to app rating and appraisals for the number of app download downloads from Google Play.
Make sure your Android device is up to date and use a reliable security solution.