San Francisco-based mobile security company Lookout disclosedlast month it found a malware banking app in the official Google Play store. CalledBankMirage, the app targeted customers of the Israeli financialinstitution Mizrahi Bank.

Curiously, the app harvested only user login names andapparently not passwords, according to a blog entry posted byLookout security communication manager Meghan Kelly.

“It's effectively a phishing attack,” Kelly wrote in her June 24post.

BankMirage's architecture was simple. The developer put awrapper around the Bank Mizrahi app, nothing more; so, itmasqueraded as the official Bank Mizrahi app.

“Once the user ID is stored the app returns a message tothe user saying that the login failed and to, instead, reinstallthe legitimate banking app from the Play Store,' Kelly wrote.

Most mobile security experts have urged Android users todownload apps only from Google Play and perhaps the Amazon Appsstore, on the assumption that these tech behemoths effectivelyscreen apps before putting them in front of users.

That advice remains valid, but as BankMirage illustrated, it isnot guaranteed.

“Unfortunately, with an app that sneaks into the Google Playstore, it's hard to use traditional means to protect yourself,”Kelly wrote.

Most experts continue to anticipate an avalanche of mobilemalware, but so far it has been more of a trickle than atorrent, especially regarding U.S. based users.

As far as BankMirage goes. that threat has beenneutralized.

“We alerted Google to the issue, which immediately removedthe app,” she wrote.