Hacking
(PICTURE FOR REPRESENTATION ONLY) A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017.Reuters

Three banking corporations in India were the subject of new malicious activity that targeted credit card holders. The attackers used the fake versions of the banks' apps on the Google Play Store as means to trick customers into handing over account credentials.

Bogus Android apps of ICIC Bank, RBL Bank, and HDFC Bank were all used by the perpetrators on three separate occasions as a front to collect sensitive data from unsuspecting victims. Information like credit card account number, names, expiration dates, and CVV was funnelled through fake application forms which the potential victims had filled up.

Security firm ESET last week reported that the said application forms were supposedly meant to increase the credit card limits of the credit card holders. Unfortunately, the stolen information was not only collected but released online in plain text via an exposed server.

"The data entered into the bogus forms is sent in plain text to the attacker's server. The listing of the stolen data on that server is accessible to anyone with the link, without requiring any authentication," wrote ESET. "For the victims, this amplifies the potential damage, since their sensitive data is not only at the attacker's disposal, but potentially available to anyone who comes across it."

The said apps were available for download on the Play Store between June and July 2018 and were traced back to one perpetrator only. One was removed after the other, a clear indication that the attackers were hustling to get something out of this modus.

Fake banking apps
The application form on fake banking appsESET

At first glance, the apps can easily be identified as fake since they offer no other functionalities other than to ask the customers' personal banking details.

The company advises all mobile banking app users not to give in to promises like increasing credit card limits, especially when the transactions are not done in person or in legitimate correspondence. In addition, users are warned to pay attention to the number of downloads as well as the ratings and reviews before downloading an app from the Google Play Store.

Fake banking apps
The interfaces of fake banking appsESET

Internet giant Google had been slammed for multiple times for its "lax" screening of apps uploaded to its app store. Despite that, the company has been continuously purging the platform from malicious apps since years ago.