Eleven Fake Apps in Android Play Store Uncovered that Enable Phishing

Google has not been able to perfectly control its Google Play the Android application store, as malicious applications regularly bypass its examination process. This has been happening with several phishing applications the current 2016 which pretended to be client apps associated with widely used online payment facilities.

PhishLabs the security company asserts that its researchers recently discovered eleven such applications from 2016 start that Google Play supported, the majority being creations of same attackers.

These attackers' modus operandi are short of any sophistication, while according to PhishLabs' researchers, the methodologies happen to be pretty trivial, however, have proven effective because end-users' trust on Google Play Store deter them from properly scrutinizing the applications they download from it.

The attackers' chosen technique is serving certain WebView component followed with directing the end-user for doing the logging in process with the application. During that logging in, the application gathers the entire user credentials followed with channeling them within the traditional phishing style capture assault towards the attackers' remote server.

According to Shilko, the applications are extremely malevolent, while they pounce on certain crypto-currency payment companies.

This possibly won't alert victims because of fluid end-user experience and interface, except when the end-user enters his genuine login credentials but fails to access his account. Theregister.com posted this, April 30, 2016.

Dangerously, this regular slipping through Google's examination procedure followed with enlisting of such applications into Google's Play Store could encourage attackers to extend the tactic on other industries.

Another problem relates to Google's elimination of the malicious apps from its Store which could be time consuming spanning several days despite outside parties detecting and reporting them early on. This provides enough opportunity to the crooks. Incidentally, the discussed phishing assaults in general work most efficiently in the many initial hours following the fake applications' launch.

Shilko states that phishers' creation of Android apps which extend a little further of any mobile web-page has proved to be a clever technique since they strike on end-users, who often visit Google Play, eschew electronic mail anti-phishing safeguards, as well as eschew the fraud detection systems of banks.

» SPAMfighter News - 5/6/2016