ANDROID phone owners are being warned over a dangerous app that steals your banking login.
You need to check your phone immediately to make sure it’s not installed, cyber-experts say.
1
The app is called Todo: Day Manager, and has been slammed by security specialists.
It installs a banking trojan malware called Xenomorph, according to researchers at Zscaler ThreatLabz.
This can hijack your login info from banking apps, and can even read your SMS messages.
That allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.
“This is the latest in a disturbing string of hidden malware in the Google Play store,” the cyber-experts warned.
Worse still, the Android app makes itself intentionally difficult to delete.
You need to search your phone for it immediately and uninstall it, cyber-experts say.
“Our analysis found that the Xenomorph banking malware is dropped from GitHub as a fake Google Service application upon installation of the app,” said the Zscaler cyber-experts.
Most read in Tech
“It starts with asking users to enable access permission.
“Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone.”
If you haven’t given permissions to the app then you should be able to uninstall it safely.
Otherwise, you may have to back up your files and then factory-reset your phone to clear the app completely.
Advice on staying safe
We spoke to cyber-expert Chris Hauk, who offered some tips for avoiding dodgy Android Apps.
Here’s what Chris, who works as a Consumer Privacy Advocate at Pixel Privacy, told The Sun…
“When searching for an app in the Google Play Store, pay close attention to the search results,” Chris explained.
“Look at the apps’ icons: fake apps almost always use the icon from the app they’re faking. Be suspicious of apps using the same icons. Investigate them closely to find out which is the genuine app.
“Look at the developer’s name. For instance, we know the WhatsApp Messenger app is offered by WhatsApp LLC. The rogue app could show the developer’s name as ‘Big Bill Johnson LLC,’ indicating that something is wrong.
“Look at the app’s download count. If you’re looking at the WhatsApp app, it should have billions of downloads. If the app has just a few hundred or thousand downloads, that’s a good clue that the app is a rogue app.
“Look at the app’s description and screenshots. The description may contain multiple spelling or grammar mistakes, or otherwise broken English.”
Chris added: “Also, make use of Google Play Protect. Google Play Protect analyses potentially bogus and harmful apps before you download them, and also regularly scans your apps for malware and will alert you to uninstall rogue apps.”
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
