The malware was discovered as two legitimate apps

Dec 12, 2017 10:56 GMT  ·  By

Malware in the Google Play Store is nothing new, as infected apps occasionally make it to the store and become available for Android devices, and this time two different listings were found to be spreading banking Trojans.

Security company ESET says the malware was specifically aimed at Polish banks and was disguised as two legitimate apps, namely Crypto Monitor and StorySaver. The two apps recorded between 1,000 and 5,000 downloads in the Google Play Store, according to official stats, before eventually getting removed following ESET’s report.

The company explains that the first app was uploaded to the store on November 25, while the one was listed for download four days later.

After installed, the apps scanned the device to look for banking apps using a list of fourteen Polish banks.

“If any of the fourteen apps are found on the device, the malware can display fake login forms imitating those of the targeted legitimate apps. This may happen without any action on the user’s side, or after the user clicks on a fake notification displayed by the malware, seemingly on behalf of the bank,” ESET says.

Check your bank account

Since the apps have already been removed from the Google Play store, no new devices can be infected, while those were they are already installed can remove them from Settings > General > Apps. Both Crypto Monitor and Story Saver should be removed as soon as possible.

On the other hand, devices that were compromised before ESET discovered the malware might have already exposed bank accounts, so users are recommended to get in touch with their banks and keep an eye out for any possible unauthorized transactions.

“We advise you to check your bank account for suspicious transactions and seriously consider changing pin codes,” ESET says.

The company’s security solution for Android flags the malware as Android/Spy.Banker.QL and many of the other security products for the platform have already been updated to block it as well.