[ad_1]
ESET a major proactive threat detection company, uncovers malicious applications in the Google Play official store that promises to increase the credit limit for users of three banks from India
They extracted credit card details and credentials from the online banking system with the help of incorrect forms that users completed. Then, the data was filtered on the Internet.
You might be interested: Fuchsia Os, the operating system that could replace Android
These malicious apps were asking for details about credit card and access rights to banking through d & # 's 39 Internet using fraudulent methods. Finally, the stolen data of the victims were filtered on the Internet and in plain text, via an exposed server.
The fake apps were downloaded from Google Play between June and July 2018 and were installed by hundreds of users before they ended once ESET reported to Google . The applications were downloaded under the name of three different developers, each posing as a bank of India different. However, all three apps are linked to an attacker.
These applications follow the same procedure, once they are executed, a form is displayed in which the credit card details are requested. If the users fill out the form and select "send", are directed to a form requesting access credentials to the online banking service. Although all fields in the form are marked as mandatory, both forms can be sent blank, indicating that you are facing something suspicious.
Finally, a window is displayed to thank the user for his interest and he is informed that a [19659007] "Customer Service Executive" will be communicated as soon as possible. But in reality, no one will communicate with the victim and from here the application does not offer any kind of functionality.
Meanwhile, the data entered by the fake forms are sent to the attacker's server in clear text. The server that stores the data is accessible to anyone with the link and without the need to authenticate. For the victim, this greatly increases the potential for damage, since the stolen data is not only available to the attacker, but potentially in the hands of anyone with access to the link.
involves banks in India, we must keep in mind that this can be easily duplicated in other countries, so it is very important to take them into account so that users do not deceive us in the same way. On the other hand, similar scams are constantly appearing. Recently ESET warned of another malicious application that leaks stolen information so that anyone can see it, a false application MyEtherWallet that exposes private keys to victims' wallets. This finding underscores the need to be extremely careful when it comes to downloading financial applications of any kind. " Camilo Gutierrez, head of the research laboratory of ESET Latin America.
If you have installed any of these malicious applications, the company recommends uninstalling them immediately. In addition, it is important to check the bank account for any suspicious activity and change the pin of the card as well as the access code to the online banking service. Even if the user enters the information of his credit card, it is advisable to ask for a change of plastic.
To avoid being a victim of such applications from the ESET Latin America Laboratory, he advises:
* they are badociated with the official website of a bank.
* Never enter bank account access information in a form if the security or legitimacy of its legitimacy is unclear.
* Pay attention to the number of downloads, application rating, and comments left by other users in Google Play.
* Keep the devices Android up to date and use a reliable security solution. In the case of products ESET they detect such malicious applications as Android / Spy.Banker.AHR
– Colombia.com
[ad_2]
Source link
