Another phishing app found on Google Play

A video posted last week by cybersecurity specialist Lukas Stefanko revealed a malicious app hosted on the Google Play Store that steals users' login credentials for regular banking and cryptocurrency apps.

The Easy Rates Converter app was designed to look like a cryptocurrency conversion tool, but in fact it is designed to collect login credentials for crypto trading and banking applications.

The main targets of the phishing attack include official applications for CommBank, Binance and Google Play. At the time Stefanko posted his video, the app had already been downloaded by more than 500 users, and the developer's name was listed as "hitech_soft."

According to Stefanko, once downloaded, Converter deploys virus software that infects the host device through a fake Adobe Flash update.  

Then the phishing malware can only wait for the user to use their banking or crypto trading app and open a fake screen that fully corresponds to the usual login screen and prompts them to enter their registration information. When entered, the credentials are sent to the virus developers and they gain full access to the user’s financial information. At the same time, the user does not suspect that he has shared his confidential information, because there are no signs of hacking and penetration, and the currency converter itself works correctly. 

Unfortunately, this is not the only case where hackers use Adobe Flash updates to install malware.  SophosLabs recently discovered 25 Android apps on Google Play that mine cryptocurrency in the background. 

In early October, cybersecurity experts at Palo Alto Networks discovered a virus in fake Flash installers used to infect computers with malware. The update installed Flash on the host computers, but at the same time infected them with Monero mining malware.