Security and malware researcher Lukas Stefanko, who’s known for catching cryptocurrency-related scams, has recently found an app on Google’s Play Store phishing users’ credentials on conventional banking apps and cryptocurrency exchanges.
Through a video Stefanko showed an app called Easy Rates Converter, which initially just looked like a simple currency conversion app, but that was actually installing phishing malware whenever users installed it, dressing it up as an Adobe Flash update.
When installed, the malware waited for users to open conventional banking apps or the official apps of cryptocurrency exchanges. When users opened these affected apps, the malware created “fake activity” that overlayed the legitimate app and prompted users to log in as if it was the legitimate app.
After users entered their credentials, they were sent to the phishers who could then use them to steal their funds. The malware itself was hard to spot, as the currency conversion tool did work as intended, making the app seem legitimate.
According to The Next Web, since Stefanko reported on the app it has been removed from the Google Play Store.