Several Indian bank customers may have been duped by scamsters through fake Android apps. According to a report by Sophos Labs, an IT security firm, customers of at least 7 banks, SBI, ICICI Bank, Axis Bank, Indian Overseas Bank, BoB, Yes Bank and Citi Bank might have lost their data from their mobile phones through these apps. These apps are available on the Android Play Store and resemble the banks’ original apps and customers might have been lured into downloading and installing these apps by offering some freebies.
According to an Economic Times report, the banks have not fully acknowledged that this menace exists and only a few of them said they will conduct an investigation. These banks have kept the nodal agency, CERT also in the loop. CERT may do its own investigation as it does with computer security incidents brought to its attention. Yes Bank has said they have handed over the case to their cyber fraud department. The largest of them all, State Bank of India is however, yet to respond in any manner.
The interesting thing, if one were to go by the report by Sophos Labs, is that some of these apps were ‘too good to be true’. Some of these apps carried malwares that were capable of stealing other information that the users might have stored in their phones, like credit cards and other details.
The familiar, but serious problem of rogue apps finding their place into the Android Play Store has been worrying the cybersecurity experts for long. Google has taken some steps recently in its and security and privacy policy for app developers and some of the permissions earlier granted are not being easily allowed now. But it is still a long way before Google is able to spring-clean its Play Store of all such suspicious apps.
The banks will have to devise their own ways to stop this threat and introduce some steps to prevent customers from falling into traps.