A new type of banking malware, aimed at mobile devices, masking itself as a legitimate banking app in order to steal information or money from its victims’ accounts, has forced users to take preventive measures.

“Our analysis of to the two types of banking malware previously found in the official Google Play store, has demonstrated that simple fake banking operations enjoy certain advantages that the feared banking Trojans do not have,” said Lukáš Štefanko, ESET malware researcher.

According to Štefanko, these fake apps’ main characteristic is the direct personification of legitimate banking apps. If users fall for the ruse and install a fake banking app, there is a great chance they will consider the app’s main screen as legitimate and introduce their confidential information.

Unlike banking Trojans, these apps do not include intrusive permission requests that may rouse users’ suspicions after installing them. Besides this, sophisticated banking Trojans are more likely to be detected due to their advanced techniques which trigger several safety measures.

“While banking Trojans have been considered a serious threat against Android users, fake banking apps are often overlooked due to their limited capabilities. Despite being less technically advanced, we believe fake banking apps can be as effective when it comes to emptying bank accounts as banking Trojans,” said Lukáš Štefanko.

In order to protect yourself against banking malware, experts recommend:

• Keeping all Android devices updated, and using reliable safety measures.
• Keeping away from unauthorized app stores, if possible, while keeping the device’s “Install apps from unknown sources” safety option unchecked.
• Before installing an app from the Google Play store, studying said app’s reviews, update history, how many times it has been installed and what permissions it requires, as well as paying attention to how the app behaves after being installed.
• Only install banking apps from said bank’s official website.