Phishing Android App Steals Banking Info

• Rob Jackson
• 15 years ago

A few weeks ago there was a developer on Android Market named Droid09 who uploaded a malicious application to Android Market. Apparently the dev’s apps POSED as official banking applications but instead were just “shells” with the purpose of stealing your personal information and banking logins/passwords.

The rogue application was outed by First Tech Credit Union whose customers I assume were amongst the first victims of the fraudster responsible for the debacle. But First Tech customers weren’t specifically targeted, so everyone out there should double check what apps they have installed and especially check for anything from Droid09.

The application was removed from Android Market but probably not before a few people got burned. While Apple’s app review process for the iPhone has been heavily criticized/scrutinized, Google’s more open approach isn’t perfect either. Apple may be “better safe than sorry” whereas Android allows the user to determine what is safe and what isn’t.

Make sure you do your research before download and using any application or game and DON’T FORGET to check the permissions that each application asks for access to!

I’d also love to hear what steps Google took after the application was identified as a Phishing application. Did they simply delete the app from the market? Did they ban the developer? Did they fine him? Are they pursuing legal action? Having a global ecosystem makes the more harsh punishments difficult to pursue, but ill-willed developers would be less likely to play the scam game if they knew there were repercussions.

[First Tech Credit Union via Slashdot, Engadget Mobile]