Users being tricked into installing malicious bank account apps! Know 4 ways to stay safe

After Google Play Store launched a crackdown, cybercriminals have turned their attention elsewhere and are now exploiting WebAPKs to trick users into installing malicious apps.

Updated on: Jul 18 2023, 11:26 IST
Victims are being tricked into installing apps, not through the Google Play Store, but through WebAPKs. (Pexels)

Google Play Store has over 2.5 million apps for any and all tasks imaginable under the Sun. However, there have been numerous instances where Android users downloaded apps from the Play Store and their devices were infected with malware. While Google's Play Protect screens apps before they get onto the platform, some of them can slip through. To protect its users against malware, Google recently announced measures such as the requirement of a valid D-U-N-S (Data Universal Numbering System) number to submit new apps.

This has forced cybercriminals to think of new ways of duping victims, and a recent campaign has been discovered where they forced victims into installing apps not through the Google Play Store, but through WebAPKs.

According to a report by HackerNews, security researchers at the Polish Financial Supervision Authority's Computer Security Incident Response Team (CSIRT KNF) have revealed that cybercriminals have been exploiting WebAPKs and tricking users into installing malicious apps.

How does it work?

As per the report, hackers send fake messages to victims, telling them to update the banking apps on their phones. The message also contains a link to an external website that uses WebAPK technology to install malicious apps onto the device. The fake banking app used in this campaign impersonated PKO Bank Polski, a Polish multinational bank and financial services company.

The app asked users to enter their credentials and the 2FA code, which allowed hackers to empty the victim's bank account. The report further states that WebAPKs are particularly hard to track since they have a different package name and checksum on every device.

How do hackers exploit WebAPKs?

Like sideloading APKs, WebAPKs also allow users to install apps through the web browser. According to Google, “When a user installs a PWA from Google Chrome and a WebAPK is used, the minting server “mints” (packages) and signs an APK for the PWA.” That means the package automatically gets signed by the provider and does not trigger any security flag. Although the process takes quite some time, the WebAPK silently gets installed onto the device.

In a statement, CSIRT KNF said, “They are dynamically built by the Chrome engine, which makes the use of this data as Indicators of Compromise (IoC) difficult.”
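Since the package name and checksum differ on every device, defenders have to pivot on an attribute that stays constant across installs. The sketch below is an added example, not code from the report or from CSIRT KNF: it groups WebAPKs by the host of their PWA start URL and flags those that carry a protected bank's name but start on a foreign domain. The `org.chromium.webapk.` prefix is the naming Chrome uses for minted packages; the inventory rows, bank name and domains are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

WEBAPK_PREFIX = "org.chromium.webapk."  # assumption: prefix of Chrome-minted packages

# Constructed allowlist: brand keyword -> domains the real bank serves its PWA from.
BRAND_DOMAINS = {"bank-example": {"bank-example.test"}}

# Constructed inventory rows (e.g. an MDM export). "start_url" stands for the
# PWA start URL recorded in the WebAPK's manifest.
INVENTORY = [
    {"device": "A", "package": "org.chromium.webapk.a1f3_v2", "sha256": "11aa",
     "label": "Bank-Example Mobile",
     "start_url": "https://update-bank-example.invalid/app"},
    {"device": "B", "package": "org.chromium.webapk.a9c7_v2", "sha256": "22bb",
     "label": "Bank-Example Mobile",
     "start_url": "https://update-bank-example.invalid/app"},
    {"device": "C", "package": "org.chromium.webapk.a4d2_v2", "sha256": "33cc",
     "label": "Bank-Example", "start_url": "https://app.bank-example.test/"},
    {"device": "D", "package": "test.bankexample.mobile", "sha256": "44dd",
     "label": "Bank-Example", "start_url": None},  # store app, not a WebAPK
]


def host_of(url):
    """Lower-cased host of a URL, or '' when the URL is missing or malformed."""
    return (urlsplit(url or "").hostname or "").lower()


def host_allowed(host, domains):
    """True when host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def suspicious_webapks(inventory, brand_domains):
    """Map start-URL host -> WebAPK rows that use a brand name off-domain."""
    hits = defaultdict(list)
    for row in inventory:
        if not row["package"].startswith(WEBAPK_PREFIX):
            continue  # only browser-minted packages are in scope
        label = row["label"].lower()
        host = host_of(row["start_url"])
        for brand, domains in brand_domains.items():
            if brand in label and not host_allowed(host, domains):
                hits[host].append(row)
    return dict(hits)
```

Devices A and B end up in the same group even though their package names and hashes share nothing, which is the property a hash-based IoC list cannot provide.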

How to protect yourself against such attacks?

1. Only install apps from official sources such as the Google Play Store.

2. Never download any apps from third-party app stores.

3. Do not open any links from any of the text messages you receive. Banks never ask customers to install any app from a given link.

4. Install antivirus and antimalware software on your smartphone to keep it safe from any potential threat.


First Published Date: 18 Jul, 11:25 IST