Apps in Google Play store that stole banking logins were downloaded 300,000 times, report says

Banking login theft hit users through a batch of nasty apps in the Play store. Google says the apps have been yanked.

Rae Hodge, former senior editor

A batch of seemingly harmless apps in the Google Play store that were actually malware in disguise, used to steal people's bank account logins, has been removed from Play, Google confirmed Tuesday. The researchers who discovered the bogus programs said the 12 apps had been downloaded by Android users around the world more than 300,000 times, according to an Ars Technica report.

Mobile security researchers at ThreatFabric found malware designed to steal people's online banking passwords and two-factor authentication codes. They said the malware also logged keystrokes and even took screenshots through people's phones.  

Though the tainted apps used a few different methods of deception, the researchers said many of the apps bypassed Google's new security restrictions by first offering people a seemingly legitimate app that initially tested negative for malware. The apps even functioned just as advertised when users first downloaded them. 

Once the apps were installed, though, they prompted people to update them. That's when the malware was installed in the form of a Trojan horse, a type of malware characterized by its initially harmless appearance.