Banking Malware Found on Google Play
San Francisco-based mobile security company Lookout disclosed last month it found a malware banking app in the official Google Play store. Called BankMirage, the app targeted customers of the Israeli financial institution Mizrahi Bank.
Curiously, the app harvested only user login names and apparently not passwords, according to a blog entry posted by Lookout security communication manager Meghan Kelly.
“It’s effectively a phishing attack,” Kelly wrote in her June 24 post.
BankMirage’s architecture was simple. The developer put a wrapper around the Bank Mizrahi app, nothing more; so, it masqueraded as the official Bank Mizrahi app.
“Once the user ID is stored the app returns a message to the user saying that the login failed and to, instead, reinstall the legitimate banking app from the Play Store,’ Kelly wrote.
Most mobile security experts have urged Android users to download apps only from Google Play and perhaps the Amazon Apps store, on the assumption that these tech behemoths effectively screen apps before putting them in front of users.
That advice remains valid, but as BankMirage illustrated, it is not guaranteed.
“Unfortunately, with an app that sneaks into the Google Play store, it’s hard to use traditional means to protect yourself,” Kelly wrote.
Most experts continue to anticipate an avalanche of mobile malware, but so far it has been more of a trickle than a torrent, especially regarding U.S. based users.
As far as BankMirage goes. that threat has been neutralized.
“We alerted Google to the issue, which immediately removed the app,” she wrote.