A security flaw in Google’s Android software found by security experts at Promon has let cyber-thieves craft apps that can steal banking logins.
Called Strandhogg, the vulnerability can be used to trick users into thinking they are using a legitimate app when they are in fact clicking on an overlay created by the attackers. More than 60 financial institutions have been targeted by the technique, a survey of the Play store indicated.
The problem emerged after Norwegian mobile security company Promon analysed malicious apps that had been spotted draining bank accounts. Promon worked with US security company Lookout to scan apps in Android's Play store to see if any were being abused via the Strandhogg bug.
They found that 60 separate financial institutions were being targeted via apps that sought to exploit the loophole. Lookout said it found criminals used variants of a well-known malicious money-stealing app called BankBot.
Still, Google said it had taken action to close the loophole and was keen to find out more about its origins, according to the BBC.