Malicious apps found in Google's Android online store

By on

Several banking apps deleted from store.

Rogue applications developed to steal banking credentials from users have been discovered in Google's Android Market online software store.

The malicious programs were disguised as legitimate mobile banking apps and were designed to steal users' online banking credentials, according to US-based First Tech Credit Union, which posted a fraud alert about the threat.

The malicious apps, which have targeted customers of First Tech Credit Union and California-based Travis Credit Union, were developed by a user with the alias Driod09.

“Droid09 launched this phishing attack from the Android Market and it's since been removed,” First Tech Credit Union said in its alert.

Users who have downloaded an app from Droid09 are being advised to immediately remove it and bring their phone to their mobile provider to ensure the program has been fully removed. A source close to Google confirmed to SCMagazineUS.com that several applications using the names of banks, without permission, were removed from the Android Market.

The applications were investigated and Google "didn't find any malicious activity such as attempts to collect user information or passwords,” the source said. 

Google launched the Android cell phone operating system in September.

“Android Market is open to all Android application developers,” Google says on its Android Market Publisher Site login page. “Once registered, developers have complete control over when and how they make their applications available to users.”

That runs in contrast to Apple, which personally vets every application, it says, to guard customer privacy and shield users from inappropriate content. 

A Google spokeswoman told SCMagazineUS.com in an email that applications on Android Market that identify themselves with third-party marks [such as bank names] without permission are not allowed.

"If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations," a Google spokeswoman said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?