ESET warns of fake banking apps targeting Android users

Next story

ESET researchers are warning of the threat of fake banking apps, a type of mobile banking malware that impersonates legitimate finance applications to steal credentials for, or money from, its victims’ bank accounts. Fake banking apps have strategic advantages which make them comparably effective to more sophisticated types of malware with the same goals.

This conclusion comes from ESET’s new survey of the current Android banking malware landscape, documented in the whitepaper “Android banking malware: Sophisticated Trojans vs. Fake banking apps”. The research identifies fake banking apps and sophisticated banking trojans as the two most prevalent types of Android banking malware and also provides insight into their tricks and techniques.

“Our analysis of the two types of banking malware – both of which have previously been discovered in the official Google Play store – has shown that the simple operation of fake banking apps comes with certain advantages that banking trojans don’t have,” said Lukáš Štefanko, malware researcher at ESET.

The primary strength of the fake apps, according to Štefanko, is their direct impersonation of legitimate banking applications. If users fall for the impersonation and install a fake banking app, there is a strong chance they will treat the login screen displayed by the app as legitimate and submit their credentials.  And, contrary to banking trojans, there are no intrusive permission requests to raise the users’ suspicion after installation. Furthermore, sophisticated banking trojans are more prone to detection due to their advanced techniques acting as triggers for various security measures.

“While banking trojans have long been regarded as a serious threat to Android users, fake banking apps have sometimes been overlooked due to their limited capabilities. Despite not being technically advanced,  we believe fake banking apps might be just as effective at emptying bank accounts as banking trojans," Štefanko said.

To stay safe from banking malware, ESET experts recommend that users should:

  • Keep their Android device updated and use a reliable mobile security solution
  • Avoid unofficial app stores, if possible and always keep “installation of apps from unknown sources” disabled on their device
  • Before installing an app from Google Play, always check its ratings, content of reviews, number of installs, and requested permissions and continue paying attention to the app’s behavior after it is installed
  • Only download banking and other finance apps if they are linked on the official website of the bank or financial service

For a detailed overview of the two types of Android banking malware and ways to stay safe from these threats, please refer to the whitepaper at ESET’s blog, WeLiveSecurity.

The release of the whitepaper comes just ahead of Mobile World Congress (February 25-28, 2019 in Barcelona), where Štefanko will present at ESET’s booth and will be available for interviews. ESET will be exploring machine learning/artificial intelligence, sharing new research and key findings in mobile security and showcasing its security solutions at the global expo. ESET will be exhibiting in Hall 7, at stand 7H41.


About ESET

For over 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on LinkedIn, Facebook and Twitter.