Cybersecurity company ESET has discovered six fake banking and personal finance apps on the Android store. The apps had been installed more than 1,000 times total before being taken down by Google.
ESET believes all of the apps are the work of a single attacker. They have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda.
Using bogus forms, the malicious fakes phish for credit card details and login credentials to the impersonated legitimate services. Some of the apps take advantage of the absence of an official mobile app for the targeted service (such as Bitpanda), while others attempt to fool users by impersonating existing official apps.