San Francisco-based mobile security company Lookout disclosed last month it found a malware banking app in the official Google Play store. Called BankMirage, the app targeted customers of the Israeli financial institution Mizrahi Bank.
Curiously, the app harvested only user login names and apparently not passwords, according to a blog entry posted by Lookout security communication manager Meghan Kelly.
“It's effectively a phishing attack,” Kelly wrote in her June 24 post.
BankMirage's architecture was simple. The developer put a wrapper around the Bank Mizrahi app, nothing more; so, it masqueraded as the official Bank Mizrahi app.
“Once the user ID is stored the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store,' Kelly wrote.
Most mobile security experts have urged Android users to download apps only from Google Play and perhaps the Amazon Apps store, on the assumption that these tech behemoths effectively screen apps before putting them in front of users.
That advice remains valid, but as BankMirage illustrated, it is not guaranteed.
“Unfortunately, with an app that sneaks into the Google Play store, it's hard to use traditional means to protect yourself,” Kelly wrote.
Most experts continue to anticipate an avalanche of mobile malware, but so far it has been more of a trickle than a torrent, especially regarding U.S. based users.
As far as BankMirage goes. that threat has been neutralized.
“We alerted Google to the issue, which immediately removed the app,” she wrote.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
