A new app containing malware has been spotted. This particular app will try to steal your banking app login info. It has been removed from the Google Play Store, but you may still have it installed.
This app will try to grab your banking login info
The report comes from GBHackers, and the app in question is called ‘Todo: Day manager’. This is a simple to-do application, and by the looks of it, you’d never guess it contains malware.
It is reported that this threat was discovered by the Zscaler ThreatLabz team, by the way. We’re looking at a banking trojan here, and it’s called ‘Xenomorph’. This application was installed over 1,000 times before it was removed from the Play Store.
If you do still have it installed, you’ll need to remove it, needless to say. Just because an app has been removed from the Google Play Store doesn’t mean it’s removed from your phone.
So, how does this work? Well, once it’s installed and granted the necessary permissions, it will sit tight until you use your banking app. Then, it will try to steal your login information. This app can intercept your SMS messages and notifications, so it can also grab one-time passwords (OTPs) and two-factor authentication requests, which is what lets it get past the second login step.
It can wipe your bank account, if successful
If it’s successful in its attempt, it can completely wipe your bank account, needless to say. That’s basically the goal of all banking malware scripts, more or less. Some are more aggressive than others.
There is a way you can prevent things like this from happening. First and foremost, check the reviews before you download an app. Then, pay attention to the permissions you’re allowing an app to have, especially access to SMS and notifications. Also, if an app you installed prompts you to install something else, like an additional APK, don’t do it. Well, unless you completely trust the app, of course.
Google does a great job of keeping the Play Store secure, but things do slip through the cracks. Many such apps don’t even contain malware from the get-go, but acquire it after you’ve installed them and allowed them to do what they want, either via permissions or by installing something you were prompted to install.