Thursday, 20 September 2018 05:12

Fake CommBank, ANZ apps found on Google Play Store


Fake apps for the Commonwealth Bank and ANZ are among a number of bogus Android applications attempting to represent six banks on Google's Play Store, the Slovakian security firm ESET claims.

The other banks whose apps are being faked are Britain's TSB, Switzerland's Post Finance, Poland's WBK Zachodni and Austrian cryptocurrency exchange Bitpanda, the company said in a blog post.

The fake apps were using bogus forms to obtain credit card details and login credentials, it said.


The opening screen for the fake ANZ app.

ESET's Lukas Stefanko wrote that the fake apps had been around in the Google Play Store since June 2018 and had been downloaded more than a thousand times each before they were removed by Google.

"The apps were uploaded under different developer names, each using a different guise," Stefanko said. "However, code similarities suggest the apps are the work of a single attacker. The apps use obfuscation, which might have contributed to their slipping into the store undetected."


The six fake Android banking apps found by ESET on the Google Play Store.

While the apps do not operate in a uniform manner, when launched they all show screens that ask for credit card details or login credentials. If anyone did provide these details, they were then sent to the attacker's server.

Stefanko offered the following advice to avoid falling victim to these and any other fake banking or financial services apps:

  • "Only trust mobile banking and other finance apps if they are linked from the official website of your bank or the financial service;
  • "Only download apps from Google Play; this does not ensure the app is not malicious, but apps like these are much more common on third-party app stores and are rarely removed once uncovered, unlike on Google Play;
  • "Pay attention to the number of downloads, app ratings and reviews when downloading apps from Google Play;
  • "Only enter your sensitive information into online forms if you are sure of their security and legitimacy; and
  • "Keep your Android device updated and use a reliable mobile security solution."

Screenshots: courtesy ESET




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


