Antivirus company ESET has announced the discovery of a new batch of malicious applications on Google Play. Cybercriminals use them to collect bank card and online banking data, and the stolen information is then stored on the Internet where it is publicly accessible.
The detected malicious applications appeared on Google Play in June-July 2018. They mimic the official apps of three Indian banks and were published under the names of different developers, although in fact they were created by the same author (or group).
All of the applications follow the same pattern. They offer to increase the customer's credit card limit.
After launch, the application displays a form for entering the details of the card whose limit is supposedly to be increased. After filling in all the fields and clicking 'Submit', the user proceeds to the next screen, where they are asked for their online banking credentials.
All fields are marked as required, although in fact they can be left blank (this flaw also indicates the questionable origin of the application).
On the third and last screen, the user is thanked for their interest and promised that a 'customer service manager' will contact them shortly.
The information entered in the application is sent to the attackers' server in plain text. The server on which the data is stored is accessible to anyone via a link, without additional authentication. This can increase the damage to victims, since their banking data is available not only to the authors of malicious applications, but also to other possible attackers.
ESET notes that the malicious applications were removed from Google Play after a warning, but not before several hundred users had installed them.