Six other fake bank applications penetrated the Google Play Android app store. They robbed users of credit card details and login informations for online banking.
Unlike the previous QRecorder, they did not primarily target Czech users. Even the total volume of installations was considerably lower. Antivirus firm Eset said in October.
The upload of these false apps to Google Play happened in June 2018. People havee downloaded and installed more than a thousand times before Google removed it. The apps was there under the different names of the developers in the official store. Each one looking different, but the similarity of their code indicates that they are the work of one attacker.
Applications were considered legitimate tools for accessing bank accounts from New Zealand, Australia, the United Kingdom, Switzerland, Poland and the Austrian currency exchange Bitpanda.
The only purpose of these malicious applications is to get sensitive information from unsuspecting users. Some of them use the absence of an official mobile app for the service, while others are trying to trick users by claiming to be genuine and official. They do not have the same content, but they all show a form when they request filling in the credit card information or account credentials in that bank or money service.
If the user completes the form, the app sent data to the attacker’s server. The victim then displays the message: “Congratulations” or “Thank you”.