Mobile security company Lookout recently announced that a banking app that steals user logins had somehow wormed its way into the Google Play store.
Called BankMirage, the malware clones a bank’s original app and then uploads it the Google Play store. The unfortunate target of this malware was Mizrahi Bank, an Israeli financial institution.
Upon opening the app, customers were asked for their login information. During that time, the malware would copy the customer’s user ID. After entering login information, an error message would appear with a notice that the login was not correct. Customers were then prompted to install the app from Google Play.
Lookout says the malware only copies the user ID. The malware has since been removed.
Says Lookout in a statement, “Unfortunately, with an app that sneaks into the Google Play store, it’s hard to use traditional means to protect yourself. You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.â€