Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Fake Banking Apps Leak Credit Card Data

Three more fake banking apps have made their way onto the Google Play Store claiming that they can increase the credit card limit for users. The apps made their way onto the Google Play Store in June and July 2018, targeting users of three Indian banks and phish the users for banking details. All three of the apps follow the same agenda. Once launched, a form requesting credit card details is displayed asking the user to fill it out and then tap submit. If the victim fills out the form, they are then directed to another form which asks them to enter their online banking credentials. If the second form is filled out, the victim is directed to a third and final page which thanks the user filling out the forms and informs them that a “Customer Service Executive” will contact them shortly. Once these forms are completed, the data is then sent to the attackers’ server in plain text. It is worth noting that each field on the form is marked as “required.” All three apps were registered under different names but still trace back to the same a single attacker. Thankfully, the apps have only been downloaded a few hundred times and they have been taken off of the Google Play Store.