ICICI, HDFC customers, beware! Fake Android apps targeting sensitive data
Last updated on Jul 30, 2018, 12:55 pm
Customers of ICICI, HDFC and RBL, beware: bogus banking apps impersonating these banks have been released on Google Play, and they can cheat you out of your money.
All three apps, presumed to be the handiwork of the same perpetrator, seek personal data from customers, claiming it would increase their credit card limits.
But the data is then released online publicly, accessible to anyone without any authentication.
ESET malware researcher notifies the public
"Fake banking apps on Google Play leak stolen credit card data and mobile banking credentials of victims. [video]
Hundreds of victim details are exposed without authentication.
Target: #India 🇮🇳 banks. https://t.co/zzbi4xjml0 pic.twitter.com/WLihAOJvF1"
— Lukas Stefanko (@LukasStefanko) July 26, 2018
What do the apps do?
According to Slovakia-based ESET, an internet security product provider, these apps were released during June-July 2018.
Before Google took them down, they had already been downloaded by hundreds.
All three worked similarly: after launch, a form requesting credit card details is displayed directly.
After users fill it in and tap 'Submit', the next page asks for internet banking credentials.
Incidentally, the apps can do absolutely nothing else.
Do you know?
They then sent data to servers in plain text
Making matters worse, the data collected was then sent in plain text to the apps' server. Anyone with the link could access it without any authentication. "This amplifies the potential damage, since data is available to anyone who comes across it," ESET said.
Follow these measures to stay safe online
You can follow some steps to stay safe from such apps. Before downloading and using any app, check its source carefully.
The number of downloads, ratings and reviews can give an idea of an app's authenticity.
Never enter sensitive information in online forms if you are even slightly suspicious.
Remember: banks will never ask for your password, whether online, over the phone or in person.