Android users have underestimated the danger from fake banking apps, warn researchers of ESET, and ought to be more careful about this type of malware targeting mobile banking.
These apps mimic authentic bank applications to extract user access data into their bank accounts or even steal money. Although not considered technically advanced, these fake applications have strategic advantages that make them more effective than far more sophisticated types of malware that have the same malicious targets as those.
This is the conclusion of ESET’s latest survey analyzing the current malware case for Android banking malware. Overall, the results of the survey have been recorded in the white paper “Android banking malware: Sophisticated Trojans vs. Fake banking apps”. According to the survey, fake bank applications and sophisticated banking Trojans are the two most common types of malware for Android. In the white paper, there is relevant information about the tricks and methods used by these two types of malware.
“By analyzing the two types of malware -which have been detected at the official Google Play store– we have found that these fake applications follow a simple process, but they show some advantages that we do not find in dangerous banking Trojans”,
explains Lukáš Štefanko, Malware Researcher of ESET.
The most important advantage of these fake applications, according to Štefanko, is that they can accurately mimic authentic banking applications. If users are fooled and installed a fake banking application, there is a strong chance of entering their details to log on to the screen displayed by the application as legitimate, although it is not. These fake apps do not apply to what’s happening in the banking Trojans, that is, annoying requests for access that might be suspicious to users after installation. In addition, sophisticated banking Trojans are being detected to a greater extent, as their advanced techniques automatically trigger the detection process for various security reasons.
“While banking trojans have long been seen as a serious threat to Android users, the threat of fake banking applications is often underestimated given their limited capabilities. Fake banking applications may not be technically advanced, yet we believe they could prove equally effective in stripping bank accounts like banking Trojans“,
Lukáš Štefanko commented.
To stay safe from malware, ESET experts recommend users:
- To keep their Android device up to date and use a reliable mobile security solution.
- Not to use unofficial shops to download apps, if possible. Always have the “install applications from unknown sources” feature turned off in their device.
- Before installing an app from Google Play, always check the rating, evaluation content, number of installations and access requests within apps. Keep track of the app’s behavior after installing it.
- To proceed to download applications for banking or other financial services only if they are linked to the official website of the bank or financial institution.