Rogue applications developed to steal banking credentials from users have been discovered in Google's Android Market online software store.
The malicious programs were disguised as legitimate mobile banking apps and were designed to steal users' online banking credentials, according to US-based First Tech Credit Union, which posted a fraud alert about the threat.
The malicious apps, which have targeted customers of First Tech Credit Union and California-based Travis Credit Union, were developed by a user with the alias Driod09.
“Droid09 launched this phishing attack from the Android Market and it's since been removed,” First Tech Credit Union said in its alert.
Users who have downloaded an app from Droid09 are being advised to immediately remove it and bring their phone to their mobile provider to ensure the program has been fully removed. A source close to Google confirmed to SCMagazineUS.com that several applications using the names of banks, without permission, were removed from the Android Market.
The applications were investigated and Google "didn't find any malicious activity such as attempts to collect user information or passwords,” the source said.
Google launched the Android cell phone operating system in September.
“Android Market is open to all Android application developers,” Google says on its Android Market Publisher Site login page. “Once registered, developers have complete control over when and how they make their applications available to users.”
That runs in contrast to Apple, which personally vets every application, it says, to guard customer privacy and shield users from inappropriate content.
A Google spokeswoman told SCMagazineUS.com in an email that applications on Android Market that identify themselves with third-party marks [such as bank names] without permission are not allowed.
"If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations," a Google spokeswoman said.
See original article on scmagazineus.com
Malicious apps found in Google's Android online store
Several banking apps deleted from store.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
Australian organisations must act on security – or risk AI ambitions falling flat
Unlock SMB Success with Microsoft Copilot
Promoted Content
AI in cybersecurity: weapon or shield?
Microsoft Copilot Partner Hub
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
