
Clone app that steals usernames spotted in Google Play Store


A malicious cloned banking app has cast doubt on the security of the Google Play store. In a blog post, mobile security company Lookout announced that it uncovered malware that steals user credentials.

The cloned app, called BankMirage, targets customers of an Israeli financial institution called Mizrahi Bank. According to Lookout, the creators of the malware put a wrapper around the bank’s legitimate app and redistributed the clone in the Google Play Store. 

When a user opens the app, a login form is loaded and the app collects user IDs as credentials are being entered. Once the user ID has been stolen, the app displays a "login failed" message and directs users to reinstall the official Mizrahi Bank app from the Play Store.

Oddly, the creators of the cloned app only target user IDs, not passwords. In the code for the malware, the developers inserted a comment that directs the software to only collect user IDs.     

“Unfortunately, with an app that sneaks into the Google Play Store, it’s hard to use traditional means to protect yourself. For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs,” the Lookout report reads.

“You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

The discovery comes just days after researchers announced a major security flaw in the Google Play Store itself. The bug, which was unveiled by experts from Columbia University, affected secret keys in Play Store software. The researchers created an app called PlayDrone and found that developers stored secret keys in apps, which is said to be tantamount to writing the PIN on ATM cards. The information can be used to steal user data from social networks like Facebook.

Lookout has alerted Google to the BankMirage malware. The app has since been removed.

Christian Brazil Bautista
Christian Brazil Bautista is an experienced journalist who has been writing about technology and music for the past decade…