Customers of at least seven banks are likely to have lost data from their mobile phones from fake apps of banks such as SBI, ICICI Bank, Axis Bank, Indian Overseas Bank, Bank of Baroda, Yes Bank and Citi Bank. This was revealed in a report by an IT security firm Sophos Lab said that these fake apps, available on Google Play, may have stolen data and credit card details of thousands of customers. By offering some freebies, customers may have been tempted to install these apps as they have the logos of the original banks which make it difficult to differentiate between the original and fake ones.
The Banks’ reactions
Many of the banks claimed that they were not aware of any such apps existing. Only a few of them said that they would be conducting an investigation. The nodal agency, CERT, has also been kept in the loop by the banks. CERT investigates computer security incidents and may do the same in this case as well.
Although State Bank of India has not yet responded in any way, Yes Bank has claimed to have handed over the case to its cyber fraud department. ICICI Bank and Axis Bank were also not available for immediate comments, The Economic Times reported.
‘Too good to be true’
Reports by Sophos lab say that some of these apps were providing services that were ‘too good to be true’, enabling customers to withdraw cash from the ATM and having it delivered to their doorstep. Malware carried by these apps were capable of stealing important information like credit card details stored in one’s mobile phone.
“Deceptive malware may have stolen thousands of Indian sub-continent bank customers account data or credit card numbers,” said Pankaj Kohli, threat researcher, SophosLabs.
For a long time now, cybersecurity experts have been worrying about the grave issue of rogue apps being the part of the Android Play Store. Certain steps taken by Google recently will ensure that app developers do not easily be granted permission like they earlier were, but it will probably still take a long time to completely stop scamsters from finding their way into the Android Play Store.
The Weborion urges banks to come up with their own plans to stop this menace, and customers to be careful before blindly trusting any app on the Android Play Store.