Clone app that steals usernames spotted in Google Play Store

google-play-store

A malicious cloned banking app has cast doubt on the security of the Google Play store. In a blog post, mobile security company Lookout announced that it uncovered malware that steals user credentials.

The cloned app, called BankMirage, targets customers of an Israeli financial institution called Mizrahi Bank. According to Lookout, the creators of the malware put a wrapper around the bank’s legitimate app and redistributed the clone in the Google Play Store. 

When a user opens the app, a login form is loaded and the app collects user IDs as credentials are being entered. Once the user ID has been stolen, the app displays a login failed message and directs users to reinstall the official Mizrahi Bank app from the Play Store. 

Oddly, the creators of the cloned app only target user IDs, not passwords. In the code for the malware, the developers inserted a comment that directs the software to only collect user IDs.     

“Unfortunately, with an app that sneaks into the Google Play Store, it’s hard to use traditional means to protect yourself. For example, looking to see if this is a developer you trust, or making sure your phone has ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs,” the Lookout report reads.

“You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

The discovery comes just days after researchers announced a major security flaw in the Google Play Store itself. The bug, which was unveiled by experts from Columbia University, affected secret keys in Play Store software. The researchers created an app called PlayDrone and found that developers stored secret keys in apps, which is said to be tantamount to writing the PIN number on ATM cards. The information can be used to steal user data from social networks like Facebook.  

Lookout has alerted Google to the BankMirage malware. The app has since been removed.

Computing

Apple’s unsafe Mac App Store is simply inexcusable

Multiple reports have indicated top apps in the Mac App Store have been stealing sensitive data right. Not only did Apple fail to properly vet them, it ignored warnings from security researchers for weeks. Is a safe app store too much to…
Computing

Customer data is compromised as hackers crack Newegg’s security

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…
Smart Home

Google Assistant will now help Simplisafe keep homes secure

SimpliSafe has added Google Assistant voice commands to its home security system. Customers can now use Google Assistant commands to configure, arm, and check their home security system components.
Smart Home

California passes bill that regulates security for Internet of Things devices

California recently became the first state in the country to pass a bill that regulates Internet of Things security. The bill requires manufacturers to include "reasonable security" measures on devices produced in the US.
Mobile

The best weather apps for the iPhone

Don't rely solely on your local meteorologist to stay up to date on the weather. Take matters into your own hands with one of these weather apps, each of which brings something unique to the table.
Mobile

Be an online phantom and web surf safely with Ghostery’s mobile browser

Keeping your private information to yourself has become progressively harder in the internet age. If you're worried about your personal information, check out the new version of the Ghostery browser for iOS and Android.
Mobile

Updating to Apple’s iOS 12 will make your iPhone a whole lot smarter

iOS 12, the latest version of Apple’s iOS, is officially here. We took it for a spin to check out its new noteworthy features, and if it truly changes our smartphone habits for the better.
Mobile

OnePlus 6T may launch soon with in-display fingerprint sensor, dual cameras

According to a recent report, the launch of the OnePlus 6T could be different from any other OnePlus launch in history. How? It could have the backing of a major U.S. carrier. Here's everything we know about the OnePlus 6T.
Mobile

Code found in iOS 12.1 beta suggests we will see a new iPad this fall

The new iPhone XS, iPhone XR, and Apple Watch aren't the last devices we'll see from Apple in 2018. There are plenty of rumors about a new iPad coming this year too, and it may share some design similarities with the new phones.
Mobile

Google brings its high-accuracy emergency location tracking to the U.S.

Google has announced that its Emergency Location Service is coming to Android phones on T-Mobile, marking the service's U.S. debut. The service allows for high-accuracy location information to be sent to first responders.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Mobile

Fitbit’s new health care platform sets out to improve wellness in the workplace

Fitbit's new platform, Fitbit Care, aims to help improve wellness in the workplace. Using wearables, digital health coaching, and a more personalized health care experience, employees can have an easier time staying on top of their health.
Home Theater

Google Chromecast and Chromecast Ultra: Everything you need to know

Google's Chromecast plugs into your TV's HDMI port, allowing you to stream content from your tablet, laptop, or smartphone directly to your TV. Here's what you need to know about all iterations, including the 4K-ready Chromecast Ultra.
Mobile

Samsung looks to Huawei for inspiration, and the new Galaxy A7 is born

Samsung has launched the Galaxy A7 smartphone, its first with a triple-lens rear camera, which, although sounds similar to the one fitted to the Huawei P20 Pro, works in a different way.