Clone app that steals usernames spotted in Google Play Store

A malicious cloned banking app has cast doubt on the security of the Google Play store. In a blog post, mobile security company Lookout announced that it uncovered malware that steals user credentials.

The cloned app, called BankMirage, targets customers of an Israeli financial institution called Mizrahi Bank. According to Lookout, the creators of the malware put a wrapper around the bank’s legitimate app and redistributed the clone in the Google Play Store. 

When a user opens the app, a login form is loaded and the app collects user IDs as credentials are being entered. Once the user ID has been stolen, the app displays a "login failed" message and directs users to reinstall the official Mizrahi Bank app from the Play Store.

Oddly, the creators of the cloned app target only user IDs, not passwords. In the code for the malware, the developers inserted a comment that directs the software to collect only user IDs.

“Unfortunately, with an app that sneaks into the Google Play Store, it’s hard to use traditional means to protect yourself. For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ unchecked to prevent dropped or drive-by-download app installs,” the Lookout report reads.

“You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

The discovery comes just days after researchers announced a major security flaw in the Google Play Store itself. The bug, which was unveiled by experts from Columbia University, affected secret keys in Play Store software. The researchers created an app called PlayDrone and found that developers stored secret keys in apps, a practice said to be tantamount to writing the PIN on an ATM card. The information can be used to steal user data from social networks like Facebook.

Lookout has alerted Google to the BankMirage malware. The app has since been removed.

Christian Brazil Bautista