Found programs on Google Play impersonating 14 applications of Polish banks

At the end of November, two applications appeared in the official Google Play store - "CryptoMonitor", intended for alleged tracking of cryptocurrency prices and "StorySaver", promising to download from Instagrama the so-called. "Stories", or short user stories from the last day. Both applications, in addition to the promised functionalities, displayed to their victims system notifications, which looked identically to those generated by banking applications. In addition, malicious applications displayed false log-on forms to bank accounts to their victims in order to ultimately capture logins and passwords entered via them. However, this is not all. As experts from ESET emphasize, both applications could also capture SMS messages containing codes to authorize online transactions without the user's knowledge. ESET has already informed Google about detected threats. Unfortunately, until they were removed, they were downloaded by Polish users several thousand times.

How do fake applications work?

Just after downloading the malicious application, this one started scanning the device in search of banking applications. If an application of one of the fourteen banks was detected, the malicious program began to imitate the actions of such an application in the background. Displayed the victim in the system notifications "New message from the bank" or forced login to the bank account.


Fake notification displayed by a malicious application.

Fake login form for a bank account displayed by a malicious application.

How to get rid of malware?

If you use infected applications, you must delete it immediately. The bad news is that if you installed it and you have one of fourteen selected banking applications on your device, the fraudsters could not only get into your bank account, but also get your money out of it - Kamil Sadkowski from ESET emphasizes.

The expert advises in this case to verify the history of your account from the last month. To avoid infection with these types of malicious applications, always check app ratings and their reviews before installing them on your device. It is worth paying attention to the permissions requested by downloaded applications, and also to protect your tablet or smartphone with security software.

Below is a list of 14 banking applications that targeted malicious software:

  • Alior Mobile
  • BZWBK24 mobile
  • Getin Mobile
  • IKOMoje
  • ING mobile
  • Bank Millennium
  • mBank PL
  • BusinessPro
  • Nest Bank
  • Bank Pekao
  • PekaoBiznes24
  • plusbank24
  • Mobile BankCiti Handlowy


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.