Fake Google Play Store Downloads Infected Banking Apps On Mobile Devices

Published: February 07, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



We know cybercriminals love hiding malicious apps in Google’s Play Store. It’s still the safest place for Android mobile users to download apps even though it’s been far from perfect. Google does scan apps for malware before making them publicly available, but some make it there regardless of their efforts. So, what do you do when the safest place in the world to download Android apps is itself a fake and malicious site?


According to researchers who discovered this criminal scheme, the fake Play Store downloads malicious banking apps onto mobile devices. The result for victims is those behind this cyber-scam clean out their bank accounts without so much as a clue.



A Clone of Your Own?


Although experts don’t yet know who’s behind the bogus Play Store site, they agree phishing tactics likely lure the victims into clicking on a malicious link leading to the fake website. This bait catches those who follow the link rather than those clicking directly on their Smartphone’s Play Store icon. TechRadar finds the fake page is nearly an exact duplicate of Play Store, making it nearly impossible for users to spot the differences between the clone and the original.


Although being redirected to the bogus Play Store site is the start of this malicious scheme, the real damage comes when an infected app gets downloaded onto a mobile device. The app first downloads a custom APK (Android Package Kit) installer, a risky file when hackers get hold of them first. The Android OS then uses the information inside the APK to install the fake banking app, and as a result, the device is infected with trojan banking malware.


Avoiding Clone Websites


Following links to a website isn’t recommended because a lot can go wrong, like hacker’s using duplicate sites to steal your PII. Before taking any actions on a website, from online shopping to finances, double and triple check the URL spelling. Bad actors can slip a subtle change into the URL that’s difficult to spot but closely mirrors the authentic spelling. Consider bookmarking the legitimate URL for ease and certainty with future use. Also beware of bad graphics, spelling and awkward grammar as signs of a cloned website.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

4 views0 comments