Skip to main content
  1. Home
  2. Mobile
  3. News

Clone app that steals usernames spotted in Google Play Store

By
google-play-store
Image used with permission by copyright holder

A malicious cloned banking app has cast doubt on the security of the Google Play store. In a blog post, mobile security company Lookout announced that it uncovered malware that steals user credentials.

The cloned app, called BankMirage, targets customers of an Israeli financial institution called Mizrahi Bank. According to Lookout, the creators of the malware put a wrapper around the bank’s legitimate app and redistributed the clone in the Google Play Store. 

Recommended Videos

When a user opens the app, a login form is loaded and the app collects user IDs as credentials are being entered. Once the user ID has been stolen, the app displays a login failed message and directs users to reinstall the official Mizrahi Bank app from the Play Store. 

Related

Oddly, the creators of the cloned app only target user IDs, not passwords. In the code for the malware, the developers inserted a comment that directs the software to only collect user IDs.     

“Unfortunately, with an app that sneaks into the Google Play Store, it’s hard to use traditional means to protect yourself. For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs,” the Lookout report reads.

“You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

The discovery comes just days after researchers announced a major security flaw in the Google Play Store itself. The bug, which was unveiled by experts from Columbia University, affected secret keys in Play Store software. The researchers created an app called PlayDrone and found that developers stored secret keys in apps, which is said to be tantamount to writing the PIN number on ATM cards. The information can be used to steal user data from social networks like Facebook.  

Lookout has alerted Google to the BankMirage malware. The app has since been removed.

Editors’ Recommendations

Topics
Christian Brazil Bautista
Christian Brazil Bautista
Former Digital Trends Contributor
Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…
Google Lens and Google Pay are about to get more helpful for holiday shopping
The new Google Wallet app running on an Android phone.

The holiday season is upon us, and that probably means you’ll be doing a lot of shopping in the coming weeks. Google is doing its part to help make that shopping experience a bit easier, especially if you want to do some in-person shopping rather than online, with some new features hitting Google Lens and Google Pay ahead of the holidays.
Shop better through Google Lens

According to Google, Google Lens performs about 20 billion visual searches each month, and about 20% of those are shopping-related. Today's update helps make Lens more useful by giving you insights tailored to the store you are currently in so you can make informed decisions.

Read more
The Google Messages app is getting a few important safety features
google messages scam identity fraud package delivery spam features detect

Google’s software theme for 2024 has been safety. With the arrival of Android 15, the company added a host of anti-theft measures for phones, and later locked the Find My system behind biometric check. Next in line is the Messages app.

Earlier today, the company announced enhanced scam detection, putting special focus on package delivery scams and job frauds. Package delivery frauds have been on the rise lately, and they are being used for everything from brushing scams to those extorting money in the name of fake package delivery problems.

Read more
Google’s Pixel Weather app could get a fun new feature
Google Pixel showing the Google Pixel Weather app.

Google’s Pixel Weather app is one of the newest forecasting apps on the market. And now the company is likely to soon introduce a unique feature designed to enhance the user experience and make Pixel Weather stand out in a very ... unique way.

According to Android Authority, the app will include a new feature called “Immersive Weather Vibrations.” This feature will make supported Pixel phones vibrate in sync with weather animations, adding an exciting element for users.

Read more