A number of fake Android apps that aim to steal customers’ banking details have recently been launched. The majority of these relate to cleaning services, such as booking a maid.
While the attacks are currently centred on Malaysia, it is feared that this may be a practice run for a larger campaign. The fake apps are distributed via websites and are sometimes advertised using paid Facebook ads. The fake websites have names similar to those of legitimate websites.
These apps are not distributed via the Google Play Store, so they are easy to avoid. While the websites try to make it look like you’re downloading from the Google Play Store, the apps are actually hosted on third-party servers. Android devices have a setting which will stop these downloads.
- Turn off the Android option “Install Unknown Apps”. This would normally be off by default and should be left off. This prevents installations from servers other than the official Google Play Store.
- Only turn on “Install Unknown Apps” if you can definitely verify the source of the app, and turn it off again immediately afterwards (this is an advanced technique, so make sure you know what you’re doing).
- Use two-factor authentication for logging in to services, especially where money is involved.
- Use unique passwords for every site.