- Content source
- http://www.theregister.co.uk/2016/04/29/google_play_malware/
Security researcher Joshua Shilko says phishing apps targeting some of the world's biggest payment services have slipped past screening and landed on Google Play.
Shilko says he's aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites.
Shilko did not name the affected payment sites but one appears to be UK based payment firm Neteller.
There is no suggestion the firms are at fault; rather it is the clever but basic design of the apps as a malicious mobile web page rather than a heavier malware .apk that could be part of the attacker's success. Google's part of the problem too: Shilko says the company can take "several days" to act on user fraud reports.
"These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications," Shilko says.
Read more Google Play infested with cash-stealing web apps
Shilko says he's aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites.
Shilko did not name the affected payment sites but one appears to be UK based payment firm Neteller.
There is no suggestion the firms are at fault; rather it is the clever but basic design of the apps as a malicious mobile web page rather than a heavier malware .apk that could be part of the attacker's success. Google's part of the problem too: Shilko says the company can take "several days" to act on user fraud reports.
"These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications," Shilko says.
Read more Google Play infested with cash-stealing web apps
