These Android apps can steal your bank details - here's how to stay safe

0
Have your say

Android phone users could be at risk of having their bank and personal information stolen, as cybersecurity experts have uncovered a string of dangerous apps.

Tech security firm ESET revealed the long list of apps - and while they have all now been removed from Google Play store, almost 30,000 users already have them installed.

Almost 30,000 users have downloaded the dangerous apps

Almost 30,000 users have downloaded the dangerous apps

Trojan security threat

Unlike apps which rely on impersonating legitimate banks, these apps are much more sophisticated and can target any applications on a user's phone once installed, according to ESET.

The dangerous apps are disguised as device boosters and cleaners, daily horoscopes and battery managers, but they are actually complex hacking tools.

The apps have the capability to intercept and redirect text messages and calls, bypassing the SMS-based two-factor authentication, and can download and install other apps on the compromised device.

The ability to send and receive texts from a user's device makes it possible to hackers to gain access to almost any of their personal web accounts, putting the likes of banking and social media accounts under threat.

How do the apps work?

When the apps are launched, they will display an error message which claims they have been removed due to incompatibility with a user's device.

The app will then hide itself from view, or sometimes appear to function normally.

While the app seems to be working, the malicious functionality is hidden behind the scenes allowing it send and read text messages, download and install other applications, and, worst of all, impersonate other apps on a device.

"This is achieved by obtaining the HTML code of the apps installed on the device and using that code to overlay legitimate apps with bogus forms once the legitimate apps are launched, giving the victim very little chance to notice something is amiss", ESET's Lukas Stefanko explained.

How to stay safe

If you suspect you have downloaded one of the dangerous apps, it is possible to remove the threat by simply uninstalling the applications.

This can be done by going to Settings > General > Application manager / Apps.

It is also recommended you check your bank account for suspicious transactions and change any passwords on accounts that you suspect may have been compromised.

To avoid falling victim to banking malware, ESET recommend:

- Only downloading apps from Google Play - while it doesn't guarantee apps are not dangerous, they are less common than on third-party app stores and will be removed once discovered

- Check the number of downloads, app ratings and content of reviews before installing an app

- Be aware of what permissions you grant to installed apps

The full list of dangerous apps:

- Power Manager

- Astro Plus

- Master Cleaner

- Master Clean - Power Booster

- Super Boost Cleaner

- Super Fast Cleaner

- Daily Horoscope For All Zodiac Signs

- Daily Horoscope Free - Horoscope Compatibility

- Phone Booster - Clean Master

- Speed Cleaner - CPU Cooler

- Ultra Phone Booster

- Free Daily Horoscope 2019

- Free Daily Horoscope Plus - Astrology Online

- Phone Power Booster

- Ultra Cleaner - Power Boost

- Master Cleaner - CPU Booster

- Daily Horoscope - Astrological Forecast

- Speed Cleaner – CPU Cooler

- Horoscope 2018

- Meu Horóscopo

- Master Clean - Power Booster

- Boost Your Phone

- Phone Cleaner - Booster, Optimizer

- Clean Master Pro Booster 2018

- Clean Master - Booster Pro

- BoostFX. Android cleaner

- Daily Horoscope

- Daily Horoscope

- Personal Horoscope