Lukas Stefanko

Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.

For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.

In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.

With all the hype around cryptocurrencies, cybercriminals are trying to grab whatever new opportunity they can – be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.

The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of the user.

ESET researchers have discovered another banking trojan on Google Play targeting Android users – this time disguised as a Flashlight widget.

ESET researchers have discovered and reported scammers stealing PayPal and Paxful credentials disguised as a tool for YouTube monetization, and a bitcoin trading marketplace.

ESET researchers have discovered 87 malicious apps on Google Play disguised as mods for Minecraft.

ESET researchers discovered 13 new Instagram credential stealers on Google play and looked into the motivations behind their fraudulent schemes.