Skip to main content
  1. Home
  2. Mobile
  3. News

Clone app that steals usernames spotted in Google Play Store

By
google-play-store
Image used with permission by copyright holder

A malicious cloned banking app has cast doubt on the security of the Google Play store. In a blog post, mobile security company Lookout announced that it uncovered malware that steals user credentials.

The cloned app, called BankMirage, targets customers of an Israeli financial institution called Mizrahi Bank. According to Lookout, the creators of the malware put a wrapper around the bank’s legitimate app and redistributed the clone in the Google Play Store. 

Recommended Videos

When a user opens the app, a login form is loaded and the app collects user IDs as credentials are being entered. Once the user ID has been stolen, the app displays a login failed message and directs users to reinstall the official Mizrahi Bank app from the Play Store. 

Related

Oddly, the creators of the cloned app only target user IDs, not passwords. In the code for the malware, the developers inserted a comment that directs the software to only collect user IDs.     

“Unfortunately, with an app that sneaks into the Google Play Store, it’s hard to use traditional means to protect yourself. For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs,” the Lookout report reads.

“You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

The discovery comes just days after researchers announced a major security flaw in the Google Play Store itself. The bug, which was unveiled by experts from Columbia University, affected secret keys in Play Store software. The researchers created an app called PlayDrone and found that developers stored secret keys in apps, which is said to be tantamount to writing the PIN number on ATM cards. The information can be used to steal user data from social networks like Facebook.  

Lookout has alerted Google to the BankMirage malware. The app has since been removed.

Editors’ Recommendations

Topics
Christian Brazil Bautista
Christian Brazil Bautista
Former Digital Trends Contributor
Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…
You can now send higher-quality photos in RCS Google Messages chats. Here’s how
Google Messages app on a Pixel 8 Pro, showing an RCS Chat message thread.

Google Messages is one of the most popular messaging platforms on the planet — so popular, in fact, that companies like Samsung and Verizon are doing away with their in-house messaging apps in favor of it. More than 1 billion users engage with Google Messages monthly, and a large part of the experience is RCS. We've been eagerly looking forward to the introduction of quality control when sending photos, a feature first spotted earlier this month.

Now, Google Messages has begun rolling out the "original quality" media-sharing feature, as noted by Android Authority. For now, it's only available in the beta, but that's a firm sign that all users will be receiving it shortly.

Read more
Google Messages is going to make backing up and restoring texts so much easier
Google messages versus samsung messages app icons side by side on Galaxy Z Fold 5.

Backing up and restoring Google Messages on Android is managed through Google One in the device’s Settings app. However, you can’t perform this action directly from the Google Messages app. This may change soon.

According to 9to5Google, a Google Messages app beta (version 20241118_02_RC00) includes references to a backup and restore option directly in the app.Android Authority has been able to view images of the new feature and offer early insight into how it works.

Read more
Google’s Pixel Weather app just got two new features. Here’s how they work
The Pixel Weather app on a Google Pixel 9.

The Pixel Weather app has been the focus of a lot of attention lately as Google revamps the user experience and adds more features. Now, there's more good news: two of those promised functions — the Pollen count card and immersive vibrations — are newly available, at least for some users.

Thanks to "immersive weather vibrations," the Pixel Weather app vibrates to match the animated backgrounds it displays, with intensity levels that mirror the precipitation amount (because it's not just rainfall), according to 9to5Google. Of course, if you don't like the feature, you can disable it in the account menu.

Read more