Fake apps are not new to Android. Some of them are blatant rip-offs, while a few are much more dangerous: they seed malware, steal data and even impersonate payment apps to dupe users out of their money. Now, a new wave of fake banking apps has hit the Google Play Store. These apps steal data by asking users to fill out forms that require sensitive information such as log-in credentials and credit card details.
According to a report, the fake apps impersonate the official banking apps of three well-known Indian banks, ICICI Bank, RBL Bank and HDFC Bank, and claim to increase the credit card limit of users who use those banks’ services.
The fake banking apps were published on the Play Store by a single person under three different developer names, and by the time they were removed from the Play Store, they had been installed on hundreds of devices. In order to dupe gullible users, these apps claim to offer the benefit of extending their credit card’s limit.
Once the apps are opened, they ask the user to fill out a form which requires their credit card details. After submitting the first form, the user has to fill out another form which requires their log-in credentials. Notably, despite some of the fields being marked as mandatory with an asterisk, the form can be submitted completely blank, which is enough to raise an alarm.
Once both forms have been submitted, the user is directed to a third page where they are thanked for providing their details and using the banking app’s services, and told that a ‘Customer Service Executive’ will soon contact them. The fake app offers no other functionality. Worse, the stolen data is sent in plain text to the malicious party’s server, without any encryption or authentication whatsoever.
This means the victims’ sensitive banking data is freely available on an exposed server for anyone to exploit, which only aggravates the risk. We advise you to immediately uninstall any such app and refrain from downloading apps which arouse any suspicion.