Monday, July 14, 2014

Banking Malware Found on Google Play

San Francisco-based mobile security company Lookout disclosed last month it found a malware banking app in the official Google Play store. Called BankMirage, the app targeted customers of the Israeli financial institution Mizrahi Bank.

Curiously, the app harvested only user login names and apparently not passwords, according to a blog entry posted by Lookout security communication manager Meghan Kelly.

“It’s effectively a phishing attack,” Kelly wrote in her June 24 post.

BankMirage’s architecture was simple. The developer put a wrapper around the Bank Mizrahi app, nothing more; so, it masqueraded as the official Bank Mizrahi app.

“Once the user ID is stored the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store,’ Kelly wrote.

Most mobile security experts have urged Android users to download apps only from Google Play and perhaps the Amazon Apps store, on the assumption that these tech behemoths effectively screen apps before putting them in front of users.

That advice remains valid, but as BankMirage illustrated, it is not guaranteed.