Fake banking apps affect CommBank and ANZ customers

By Christina Cavaleri September 20, 2018

“This is a big concern for anyone who may have handed over personal information.”

Two malicious and fake banking apps have spent weeks undetected on the Google Play store impersonating ANZ and Commonwealth Bank.

More than 1000 CommBank and ANZ customers may have fallen victim to the cunning scam, unknowingly handing over their credit card details after downloading the fraudulent apps.

The Age reports Nick FitzGerald, senior research fellow at IT security company ESET, said the apps were installed more than 1000 times before ESET alerted Google two weeks ago. Google would not confirm the number of downloads.

ESET discovered the fake banking apps during routine checks conducted by researchers.  

FitzGerald told The Age it was rare for fake banking apps to pass the automated Google Play tests and make it into the store.

The fake apps' functionality was extremely basic, which may have been what helped them slip through the cracks.

“Apps with less functionality are deemed less risky and given these fake banking apps only asked consumers to log in and then asked for their credit card details, they seemed to have slipped through.

“The apps use obfuscation, which may have contributed to them slipping into the store undetected.”

Users were simply asked to submit their credit card details or log-in credentials. 

FitzGerald says that if users filled out the form, the submitted data was sent to the attacker’s service. The apps then presented victims with a “congratulations” or “thank you” message, which is where the app functionality ends.

“This is a big concern for anyone who may have handed over personal information. The loss of personally identifiable information can result in financial fraud that may affect you for the rest of your life very negatively.”

The Age reports a Google spokesman declined to say how many times the apps were downloaded or how they made it into the Google Play store.

“We remove applications that violate our policies, such as apps that are illegal or that promote hate speech.

“We don’t comment on individual applications — you can check out our policies for more information.”

ANZ customers who believe they have downloaded a fake app should contact their bank immediately on 1800 033 844.

CBA customers can report suspicious apps on 13 2221.

Image credit: Getty Images