ESET researchers warn of the underestimated threat of fake banking apps, a type of mobile banking malware that impersonates legitimate finance applications to steal credentials for, or money from, its victims’ bank accounts. While technically far from advanced, fake banking apps have strategic advantages that makes them comparably effective to much more sophisticated types of malware with the same goals.

The conclusion comes from ESET’s new research of the current Android banking malware landscape, documented in the white paper “Android banking malware: Sophisticated Trojans vs. Fake banking apps ”. The research identifies fake banking apps and sophisticated banking Trojans as the two most prevalent types of Android banking malware and provides insight into their go-to tricks and techniques.

“Our analysis of the two types of banking malware – both of which have previously been discovered in the official Google Play store – has shown that the simple operation of fake banking apps comes with certain advantages that the feared banking Trojans don’t have,” explains Lukáš Štefanko, ESET malware researcher.

The main strength of the fake apps according to Štefanko is their direct impersonation of legitimate banking applications. If users fall for the impersonation and install a fake banking app, there is a high chance they will treat the login screen displayed by the app as legitimate and submit their credentials.  And, contrary to banking Trojans, there are no intrusive permission requests to raise the users’ suspicion after installation. Besides this, sophisticated banking Trojans are more prone to detection due to their advanced techniques acting as triggers for various security measures. 

“While banking Trojans have long been regarded as a serious threat to Android users, fake banking apps have sometimes been overlooked due to their limited capabilities. Despite not being technically advanced, we believe fake banking apps might be just as effective at emptying bank accounts as banking Trojans,” comments Lukáš Štefanko.

To stay safe from banking malware, ESET experts recommend that users:

Keep their Android device updated and use a reliable mobile security solution
Stay away from unofficial app stores, if possible; always keep “installation of apps from unknown sources” disabled on their device
Before installing an app from Google Play, always check its ratings, content of reviews, number of installs, and requested permissions; continue paying attention to the app’s behavior after it is installed
Only ever download banking and other finance apps if they are linked on the official website of the bank or financial service

For a detailed overview of the two types of Android banking malware and ways of staying safe from them, please refer to the white paper  at ESET’s blog, WeLiveSecurity.

The release of the white paper comes just ahead of Mobile World Congress in Barcelona where Lukáš Štefanko will present at ESET booth and will be available for interviews. ESET will be exploring Machine Learning/Artificial Intelligence, sharing new research and key findings in mobile security and showcase its security solutions at the global expo  – taking place February 25 – 28, 2019 in Barcelona, exhibiting in Hall 7, stand 7H41.