These Android apps can steal your bank details

Tech security firm ESET revealed the long list of apps  and while they have all now been removed from Google Play store, almost 30,000 users already have them installed.
Tech security firm ESET revealed the long list of apps and while they have all now been removed from Google Play store, almost 30,000 users already have them installed.

Android phone users could be at risk of having their bank and personal information stolen, as cybersecurity experts have uncovered a string of dangerous apps.

Tech security firm ESET revealed the long list of apps – and while they have all now been removed from Google Play store, almost 30,000 users already have them installed.

Trojan security threat

Unlike apps which rely on impersonating legitimate banks, these apps are much more sophisticated and can target any applications on a user’s phone once installed, according to ESET.

The dangerous apps are disguised as device boosters and cleaners, daily horoscopes and battery managers, but they are actually complex hacking tools.

The apps have the capability to intercept and redirect text messages and calls, bypassing the SMS-based two-factor authentication, and can download and install other apps on the compromised device.

The ability to send and receive texts from a user’s device makes it possible to hackers to gain access to almost any of their personal web accounts, putting the likes of banking and social media accounts under threat.

How do the apps work?

When the apps are launched, they will display an error message which claims they have been removed due to incompatibility with a user’s device.

The app will then hide itself from view, or sometimes appear to function normally.

While the app seems to be working, the malicious functionality is hidden behind the scenes allowing it send and read text messages, download and install other applications, and, worst of all, impersonate other apps on a device.

“This is achieved by obtaining the HTML code of the apps installed on the device and using that code to overlay legitimate apps with bogus forms once the legitimate apps are launched, giving the victim very little chance to notice something is amiss”, ESET’s Lukas Stefanko explained.

How to stay safe

If you suspect you have downloaded one of the dangerous apps, it is possible to remove the threat by simply uninstalling the applications.

This can be done by going to Settings > General > Application manager / Apps.

It is also recommended you check your bank account for suspicious transactions and change any passwords on accounts that you suspect may have been compromised.

The full list of dangerous apps:

- Power Manager

- Astro Plus

- Master Cleaner

- Master Clean – Power Booster

- Super Boost Cleaner

- Super Fast Cleaner

- Daily Horoscope For All Zodiac Signs

- Daily Horoscope Free – Horoscope Compatibility

- Phone Booster – Clean Master

- Speed Cleaner – CPU Cooler

- Ultra Phone Booster

- Free Daily Horoscope 2019

- Free Daily Horoscope Plus – Astrology Online

- Phone Power Booster

- Ultra Cleaner – Power Boost

- Master Cleaner – CPU Booster

- Daily Horoscope – Astrological Forecast

- Speed Cleaner – CPU Cooler

- Horoscope 2018

- Meu Horóscopo

- Master Clean – Power Booster

- Boost Your Phone

- Phone Cleaner – Booster, Optimizer

- Clean Master Pro Booster 2018

- Clean Master – Booster Pro

- BoostFX. Android cleaner

- Daily Horoscope

- Daily Horoscope

- Personal Horoscope

This article originally appeared on our sister site, Edinburgh Evening News