Security Market Segment LS
Thursday, 20 September 2018 05:12

Fake CommBank, ANZ apps found on Google Play Store Featured

Fake CommBank, ANZ apps found on Google Play Store Courtesy ESET

Fake apps for the Commonwealth Bank and ANZ are among a number of bogus Android applications attempting to represent six banks on Google's Play Store, the Slovakian security firm ESET claims.

The other banks whose apps are being faked are Britain's TSB, Switzerland's Post Finance, Poland's WBK Zachodni and Austrian cryptocurrency exchange Bitpanda, the company said in a blog post.

The fake apps were using bogus forms to obtain credit card details and login credentials, it said.

anz bank fake

The opening screen for the fake ANZ app.

ESET's Lukas Stefanko wrote that the fake apps had been around in the Google Play Store since June 2018 and had been downloaded more than a thousand times each before they removed by Google.

"The apps were uploaded under different developer names, each using a different guise," Stefanko said. "However, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected."

fake banking

The six fake Android banking apps found by ESET on the Google Play Store.

While the apps do not operate in an uniform manner, when launched they all show screens that ask for credit card details or login credentials. If anyone did provide these details, these were then sent to the attacker's server.

Stefanko offered the following advice to avoid falling victim to these and any other fake banking or financial services apps:

  • "Only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service;
  • "Only download apps from Google Play; this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play;
  • "Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play;
  • "Only enter your sensitive information into online forms if you are sure of their security and legitimacy; and
  • "Keep your Android device updated and use a reliable mobile security solution."

Screenshots: courtesy ESET


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments