Another set of fake banking apps has found its way into the official Google Play store. Claiming to increase the credit card limit for users of three Indian banks, the malicious apps phish for credit card details and internet banking credentials using bogus forms. Worse, the data stolen from the victims is leaked online, in plain text, via an exposed server, where it is accessible to anyone without any authentication.
Bogus Android apps impersonating ICICI Bank, RBL Bank, and HDFC Bank were used by the perpetrators on three separate occasions as a front to collect sensitive data from unsuspecting victims. Information such as credit card account numbers, names, expiration dates, and CVVs was funnelled through fake application forms that the potential victims had filled out.
“The data entered into the bogus forms is sent in plain text to the attacker’s server. The listing of the stolen data on that server is accessible to anyone with the link, without requiring any authentication,” wrote ESET. “For the victims, this amplifies the potential damage, since their sensitive data is not only at the attacker’s disposal, but potentially available to anyone who comes across it.”
The fake mobile apps were uploaded to the Play Store during June and July. They were withdrawn one after the other, and all three apps were traced to a single perpetrator.
The banks have been continuously running campaigns urging customers to avoid such lucrative offers, i.e. anything that requires revealing an individual’s personal information or card details in order to obtain a service, facility, or product.