Despite Google's tough stance on malicious cryptocurrency applications, some still find ways to slip through its net.
Security and malware researcher Lukas Stefanko published a video yesterday, revealing how a malicious application, distributed through the Google Play Store, steals sensitive data from unsuspecting users.
Disguised as a currency conversion tool, the application (called Easy Rates Converter) is actually designed to grab your personal credentials for a range of legitimate applications. Among other applications, the attackers targeted CommBank, Google Play, and the official app of Binance, one of the world's largest cryptocurrency exchanges. According to Stefanko, the application had over 500 downloads.
When the user downloads the application, it installs and works as you would expect. However, in the background, it also downloads and installs phishing malware disguised as an Adobe Flash update. Sound familiar?
The malware then waits for the right moment to strike.
When you open a legitimate application like Binance, the malicious program creates a "fake activity" that overlays the legitimate application. The fake activity prompts the user to enter their details, which are then stored and sent to the phishers.
Stefanko demonstrates the malware with the regular CommBank banking application, but says it also goes after Binance.
In theory, this would be enough to gain unauthorized access not only to cryptocurrency exchange accounts, but also to your normal banking applications.
It seems that the rogue app has since been removed from Google Play. Hard Fork has reached out to Google for comment. We will update this piece as we learn more.
Malicious software like this could be difficult to detect, as the application actually installs a legitimate program that works as you would expect.
To avoid falling for these applications, Stefanko told Hard Fork that users should "control [the] rating and reliability the developer [and stick to] verified applications (many installations) that are not new."
Published November 2, 2018 – 14:55 UTC