Users of mobile applications 14 Polish banks attacked

Two dangerous applications appeared in the official Google Play store, the hidden purpose of which was to steal access to Polish bank accounts and to withdraw money from them. Mobile applications users up to 14 Polish banks have found themselves on the screen!

At the end of November, two applications appeared in the official Google Play store – “CryptoMonitor”, intended for alleged tracking of cryptocurrency prices and “StorySaver”, promising to download from Instagrama so-called. “Stories”, or short user stories from the last day. Both applications, in addition to the promised functionalities, displayed to their victims system notifications, which looked identically to those generated by banking applications. In addition, malicious applications displayed false log-on forms to bank accounts to their victims in order to ultimately capture logins and passwords entered via them. However, this is not all. As experts from ESET emphasize, both applications could also capture SMS messages containing codes for authorizing online transactions without the user’s knowledge. ESET has already informed Google about detected threats. Unfortunately, until they were removed, they were downloaded by Polish users several thousand times.

How do fake applications work?

Just after downloading the malicious application, this one started scanning the device in search of banking applications. If an application of one of the fourteen banks was detected, the malicious program began to imitate the actions of such an application in the background. Displayed the victim in the system notifications “New message from the bank” or forced login to the bank account.

– We detect both applications as a threat to Android / Spy.Banker.QL and we prevent its installation. As our data show, over 96% of detected cases come from Poland (the remaining 4% have their source in Austria) – is translating Kamil Sadkowski, a threat analyst with ESET.

How to get rid of malware?

– If you use infected applications, you must delete it immediately. The bad news is that if you installed it and you have one of fourteen selected banking applications on your device, the fraudsters could not only get into your bank account but also get your money out of it – underlines Kamil Sadkowski.

The expert advises in this case to verify the history of your account from the last month. To avoid infection with these types of malicious applications, always check app ratings and their reviews before installing them on your device. It is worth paying attention to the permissions requested by downloaded applications, and also to protect your tablet or smartphone with security software. Below is a list of 14 banking applications that targeted malicious software:

1. Alior Mobile
2. BZWBK24 mobile
3. Getin Mobile
4. IKO
5. My ING mobile
6. Bank Millennium
7. mBank PL
8. BusinessPro
9. Nest Bank
10. Bank Pekao
11. PekaoBiznes24
12. plusbank24
13. Mobile Bank
14. Citi Handlowy

Source: ESET

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: