When it comes to banking and financial information, you can never be too careful when it comes to protecting your details, especially when doing online transactions. But what if the threat is coming from a trusted source, who also is not aware that they are posing a threat? Lookout, an antivirus app and service, informed Google that a malware has sneaked its way into the Google Play Store, intent on stealing the usernames of customers.
But before you panic and delete all your Google Play Store information, the malware has affected only customers of an Israeli bank, Mizrahi Bank. The malware is called BankMirage and it was able to put a wrap on the bank’s original app and then reuploaded it into the Google Play Store. Once users use and log on to it, an in-app html page then grabs the user’s credentials, but surprisingly, it does not get the password, just the username. When they’ve already gotten the user ID, it will then send a message to the user that they need to reinstall the legitimate app.
This isn’t the first time that a banking malware has made its way to the Google Play Store. In fact, one of the Korean-based malwares not just masqueraded as a the bank’s app but as the Google Play Store app itself. PlayBanker and BankUn are just two of those that have tried to hack into the users’ of Korean banking apps. The issue of these banking malware is much more common in Asian and European-based markets than in the United States.
Lookout has suggested some tips in order to prevent being duped by these malware. One is to check if the app you’re trying to download has a duplicate on the Google Play Store. Chances are, one of them is a malware in disguise. Lookout is also offering its service as an app-scanning solution for your mobile devices. With regards to BankMirage, Google removed the Mizrahi Bank app immediately when they were informed about the malware.
Download Lookout on the Google Play Store.