Malicious apps that steal bank data identified, how to protect yourself

Potential victims are redirected to fake sites to download malware


Cybersecurity researchers have identified malicious Android apps used to steal banking credentials from customers of eight Malaysian banks. The researchers published details of the scheme as a preventive measure, since the same technique could be replicated anywhere in the world.

The cybercriminals try to steal banking details using fake websites that pose as legitimate services. They generally use domain names very similar to those of the official services and even copy the design of the original site outright so that the fake goes unnoticed, Eset explains.

This campaign was first identified in late 2021. At that time, the attackers posed as the legitimate cleaning service Maid4u. The lure was distributed through Facebook ads that asked potential victims to download an app which in fact carried malicious code.

In January 2022, MalwareHunterTeam shared information about three other malicious websites and Android trojans attributed to this campaign. On top of that, the Eset researchers found four more fake websites. All seven sites impersonated services that are only available in Malaysia: six of them offer cleaning services (Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy and MaidACall), while the seventh is a pet store called PetsMore.

These fake websites offer no way to buy directly through them. Instead, they include links that supposedly download the app from Google Play. Clicking those links does not take the user to the official Google store but to servers controlled by the cybercriminals.
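The redirect trick above works because a "Download on Google Play" button can point anywhere. The following script is an added example (not code from the original article or from Eset) of the check a user or an analyst triaging such a site can apply to a link before following it: it accepts only an https URL whose host is exactly play.google.com and whose path is the app details page with a well-formed package id. The expected package name and the attacker.example domain in the sample links are placeholders, not identifiers from the campaign.

```python
import re
from typing import Optional, Tuple
from urllib.parse import urlparse, parse_qs

# Hypothetical package name the shop page claims to link to; a user would
# take the real one from the service's official site or the Play Store app.
EXPECTED_PACKAGE = "com.example.maidservice"

# Android package names: dot-separated identifiers, at least two segments.
PACKAGE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+")


def check_play_link(url: str, expected_package: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether a 'Download on Google Play' link really points at the store.

    Returns (ok, reason). A link passes only if it uses https, its host is
    exactly play.google.com, its path is the app details page and its `id`
    parameter is a well-formed package name (and the expected one, if given).
    Lookalike hosts, user@host tricks and direct .apk downloads all fail.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme or 'missing'}, not https"
    # .hostname drops the port and any user@ prefix, so
    # https://play.google.com@attacker.example/... resolves to attacker.example
    if parts.hostname != "play.google.com":
        return False, f"host {parts.hostname!r} is not play.google.com"
    if parts.path != "/store/apps/details":
        return False, f"path {parts.path!r} is not the app details page"
    ids = parse_qs(parts.query).get("id", [])
    if len(ids) != 1 or not PACKAGE_RE.fullmatch(ids[0]):
        return False, "missing or malformed package id"
    if expected_package and ids[0] != expected_package:
        return False, f"package {ids[0]} is not the expected {expected_package}"
    return True, f"official Play Store page for {ids[0]}"


# Constructed sample links; only the first is genuine, the rest are the
# redirect patterns a fake shop page can hide behind a Play Store button.
SAMPLE_LINKS = [
    "https://play.google.com/store/apps/details?id=com.example.maidservice",
    "https://play.google.com.attacker.example/store/apps/details?id=com.example.maidservice",
    "https://attacker.example/play.google.com/store/apps/details?id=com.example.maidservice",
    "https://play.google.com@attacker.example/store/apps/details?id=com.example.maidservice",
    "http://play.google.com/store/apps/details?id=com.example.maidservice",
    "https://attacker.example/download/maid4u.apk",
]


def audit_links(urls, expected_package=EXPECTED_PACKAGE):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_play_link(u, expected_package) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in audit_links(SAMPLE_LINKS).items():
        print("OK  " if ok else "BAD ", url, "->", reason)
```

The exact-host comparison is the point: a substring or "starts with" test on the URL would accept four of the five bad links above. The check says nothing about the app itself; a link that passes can still be worth a second look if, as in five of the seven services here, the real business has no Play Store app at all.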

“To be successful, this attack requires victims to enable the ‘Install unknown apps’ option on their devices, which is disabled by default. It is worth mentioning that five of the seven legitimate versions of these services do not even have an application available on Google Play”, highlighted Camilo Gutiérrez Amaya, Head of the Research Laboratory of Eset Latin America.

To appear legitimate, the apps ask users to log in as soon as they are opened. The software accepts whatever the user types and always declares it correct. To keep up the appearance of a real online store, the malicious apps pretend to offer products and services for purchase through an interface that mimics the original stores.

When it comes time to pay, victims are offered two payment options: credit card or bank transfer.

The bank transfer option is where the attackers harvest banking credentials. After choosing it, victims are shown a fake FPX payment page (FPX is Malaysia’s interbank online payment system), asked to pick one of eight Malaysian banks and then to enter their online banking credentials. The banks targeted by this campaign are Maybank, Affin Bank, Public Bank Berhad, CIMB Bank, BSN, RHB, Bank Islam Malaysia and Hong Leong Bank.

After victims submit their banking credentials, they are shown an error message saying that the username or password is invalid. By then, the credentials have already been sent to the malware operators.

To make sure the operators can actually get into their victims’ bank accounts, the fake store apps also forward every SMS message the victim receives to the attackers, in case one of them carries the two-factor authentication (2FA) code sent by the bank.
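An app that relays SMS in this way has to declare the capability in its manifest: an SMS permission, a broadcast receiver for incoming messages, and network access to send them on. The script below is an added example (not Eset’s tooling or code from the campaign) of a triage check over a decoded AndroidManifest.xml that flags exactly that combination, which a shop or cleaning-service app has no reason to have. Both manifests are constructed samples with made-up package and class names.

```python
import xml.etree.ElementTree as ET

# Android's XML namespace; after parsing, android:name becomes this key.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest with the capability set described in the article:
# read incoming SMS, wake up on every new message, and reach the network.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeshop">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="Shop">
        <activity android:name=".MainActivity"/>
        <receiver android:name=".SmsRelay" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed manifest of an ordinary shop app: network access only.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.realshop">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Shop">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def manifest_indicators(manifest_xml: str) -> dict:
    """Pull out the manifest facts relevant to SMS interception."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    sms_receivers = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED_ACTION in actions:
            sms_receivers.append(receiver.get(ANDROID_NS + "name"))
    return {
        "package": root.get("package"),
        "sms_permissions": sorted(perms & SMS_PERMISSIONS),
        "internet": "android.permission.INTERNET" in perms,
        "sms_receivers": sms_receivers,
    }


def flags_sms_interception(manifest_xml: str) -> bool:
    """True when the app can both read incoming SMS and send them off-device."""
    ind = manifest_indicators(manifest_xml)
    return bool(ind["sms_permissions"]) and ind["internet"] and bool(ind["sms_receivers"])


if __name__ == "__main__":
    for name, xml in (("fakeshop", SUSPICIOUS_MANIFEST), ("realshop", BENIGN_MANIFEST)):
        print(name, "->", "SMS interception capable" if flags_sms_interception(xml) else "clean",
              manifest_indicators(xml))
```

Inside an APK the manifest is stored as binary XML, so decode it first (apktool or androguard both do this) and feed the text to the script. The check is a capability test, not proof of intent, but for a sideloaded "shop" app that never went through Play review, asking for RECEIVE_SMS is reason enough to stop and uninstall.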

According to the research team, the campaign has so far targeted only Malaysia: the online stores it impersonates and the banks whose customers it goes after are all Malaysian, and the prices shown in the apps are in the local currency, the Malaysian ringgit.

To protect yourself against this type of threat:

  • Only visit legitimate websites, and do not reach them through links received in messages or seen on social networks, since those links can redirect you to a fake page.
  • Be careful when clicking on advertisements, and do not rely on paid (sponsored) search results, as they may not lead to the official website.
  • Pay attention to where you download applications from. Check that the link actually takes you to the Google Play store, on the play.google.com domain or in the Play Store app, rather than to a file hosted on some other server.
  • Enable two-step verification wherever possible, on email, social networks and other accounts. Rather than SMS as the second factor, prefer codes generated by an app such as Google Authenticator, or a physical security key: the malware described here forwards SMS messages to the attackers, so an SMS code does not protect against it.
  • Keep your software, both the operating system and your apps, up to date.
  • Use a security solution on the device.

Written by Geekybar

Linguist-translator by education. I have been working in the field of advertising journalism for over 10 years.

For over 7 years in journalism. Half of them are as editor. My weakness is doing mini-investigations on new topics.

