Rogue Phishing App Spread Through Android Marketplace
A phisher hoping to harvest bank login details managed to smuggle his app onto the Android app store. The Android Market, launched in October 2008, offers more than 20,000 mobile applications for download.
Malicious apps posted by Droid09 were quickly identified, prompting a warning to legitimate users and a ban for the VXer. The incident raises questions about whether a tighter vetting process is needed for the Android Marketplace.
The rogue Android application posed as a legitimate banking applet, but was actually designed to trick marks into handing over bank login details to fraudsters, an alert by credit union First Tech warns. The credit union, which said it wasn’t targeted by the attack, doesn’t even have an app for Android as yet.
Android fans who downloaded any of Droid09′s apps are advised to purge them from their phones before consulting their mobile phone firm for further advice.
The incident happened in December, but became public after news outlets picked up on First Tech Credit Union’s fraud alert on Monday.
Credit: The Register
More on CyberInsecure:
January 11th, 2010 at 4:20 pm
Boy it did not take the bad guys long to exploit this new device. I wonder how long Google’s current policy regarding the posting of applications will stand. I would fee a lot better if Google took a similar approach to Apple and vetted every application.
Cybercrime Fighter