Author inserted comment that prevented the leaking of the password

Jun 26, 2014 12:14 GMT

Google Play is not known for hosting only legitimate apps, and every once in a while a rogue one sneaks in, despite the automatic analysis tools used to check the marketplace.

A malicious app called BankMirage was removed this week by Google Play curators after an alert from Lookout researchers.

BankMirage had been designed as a clone of a legitimate banking app for the customers of a bank in Israel, called Mizrahi Bank. The circumstances that allowed it into the marketplace are unclear, and there is no information on the number of users who downloaded it.

When launched, the rogue app would use phishing techniques, loading an in-app HTML page that presented a log-in form. One would assume that all the information entered in the available fields would automatically fall into the hands of the crooks.

Well, one would be wrong, because it seems that the authors of the app inserted a comment that caused only the username to be transmitted.

This may be an unintentional flaw, but at least users who downloaded it did not leak the password to their bank accounts.

Lookout says that after the information was captured, BankMirage would return an error message saying that the log-in procedure had failed and suggesting re-installation of the app; a link to the legitimate banking app would then be provided.