According to security researchers from PhishLabs, Google Play has a bit of a phishing problem.
A problem in the sense that the research company claims that, since the start of the year, it has found 11 apps that are hosted on Google Play created by hackers. Although Google has taken efforts to prevent this type of problem, these researchers claim that the malicious apps are still sneaking through and targeting online payment services.
“These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications,” according to security analyst Joshua Shilko, who works at PhishLabs.
“These applications claim to afford the user access to their accounts directly from their mobile device; however, their only functionality is the capability to collect credentials and personal information and deliver that stolen information to the attacker. Our research has indicated that these malicious applications have been created by the same actor or group of actors,” he continued.
What happens in these cases is that the hackers create login pages that mimic the real sites, and then, the hackers are able to get all the payments credentials and personal information because the end user doesn’t realize the app isn’t real. And, in some instances, these fake pages actually have registered domain names that make the sites appear legitimate, since they look close enough to the actual payments services sites.
“There is evidence that these applications targeting the payment card and online payment industries have been created by the same actor or group of actors. On multiple occasions, PhishLabs observed multiple applications with similar naming conventions targeting different companies being published to the Play Store on the same day,” Shilko wrote.
“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” he continued in the post.
And if this behavior continues to be able to pass by Google’s process for stopping such behavior? The researchers believe that these attacks could get bigger and breach into other markets.