Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 11th, 2010

Rogue Phishing App Spread Through Android Marketplace

A phisher hoping to harvest bank login details managed to smuggle his app onto the Android app store. The Android Market, launched in October 2008, offers more than 20,000 mobile applications for download.

Malicious apps posted by Droid09 were quickly identified, prompting a warning to legitimate users and a ban for the VXer. The incident raises questions about whether a tighter vetting process is needed for the Android Marketplace.

The rogue Android application posed as a legitimate banking applet, but was actually designed to trick marks into handing over bank login details to fraudsters, an alert by credit union First Tech warns. The credit union, which said it wasn’t targeted by the attack, doesn’t even have an app for Android as yet.

Android fans who downloaded any of Droid09′s apps are advised to purge them from their phones before consulting their mobile phone firm for further advice.

The incident happened in December, but became public after news outlets picked up on First Tech Credit Union’s fraud alert on Monday.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Android Market Security Update Released By Google Contained Mobile Trojan
  • Stalk-my-profile Scam Targets Facebook Users
  • Patch For Android Security Flaw Released By Google And T-Mobile
  • Windows Phone Marketplace Protection, PlayStation3 Code Signing Cracked
  • Hackers Jailbreak T-Mobile’s And Google’s Android Phone

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Rogue Phishing App Spread Through Android Marketplace

    One Response to “Rogue Phishing App Spread Through Android Marketplace”

    1. Boy it did not take the bad guys long to exploit this new device. I wonder how long Google’s current policy regarding the posting of applications will stand. I would fee a lot better if Google took a similar approach to Apple and vetted every application.

      Cybercrime Fighter

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.