The fake apps were reportedly downloaded more than 1000 times.
CommBank and ANZ customers have been caught up in a fake banking apps scandal, a European security company has revealed.
Fake apps for the Commonwealth Bank and ANZ were among several bogus Android apps that tried to mimic the personal banking apps of six banks in Australia, New Zealand, Britain, Switzerland and Poland, as well as an Austrian cryptocurrency exchange.
The Slovakian security firm ESET wrote in a blog post that the fake apps were uploaded to the Google Play store in June 2018. They had been installed more than 1000 times before Google was alerted by ESET and took them down.
The purpose of the fake apps is to obtain sensitive information, such as logon credentials and credit card details, from unsuspecting users.
“Some of the apps take advantage of the absence of an official mobile app for the targeted service [such as Bitpanda], while others attempt to fool users by impersonating existing official apps,” ESET wrote.
It noted that the apps were uploaded under different developer names, but there were similarities in the coding, suggesting the apps were the work of one hacker.
When launched, the apps displayed forms requesting credit card details and/or login credentials to the targeted bank.
Once users fill out the form, the submitted data is sent to the hacker’s server, according to ESET.
The apps then present their victims with a “Congratulations” or “Thank you” message, which is where their functionality ends.
CommBank provided a statement to The New Daily that said “security of our customers’ banking details is a top priority” and that “once a suspicious app is identified, we work with the app store to ensure the app is quickly removed or disabled”.