Various payment apps displayed on Google Play Store. (Photographer: Anirudh Saligrama/BloombergQuint)

Fake Bank Apps May Have Stolen Data Of Thousands Of Customers, Report Says

Fake applications of the State Bank of India, ICICI Bank, Axis Bank, Citi and other leading banks are available on Google Play, which may contain stolen data of thousands of bank customers, a report by IT security firm Sophos Labs claims.

These fake android applications have logo of the respective banks, which makes it difficult for customers to differentiate between the fake and original applications, it said.

The report said the deceptive malware in these apps may have stolen thousands of customers' account and credit card details. When some of the banks mentioned in the report were contacted, they said that they had not come across any such fake applications.

However, some banks have initiated inquiry and have also informed the CERT-In -- the national nodal agency for responding to computer security incident.

The fake applications target a total of seven banks like SBI, ICICI, Axis, Indian Overseas, Bank of Baroda, Yes Bank and Citi Bank, the report said. Yes Bank said that it had informed the bank's cyber fraud department about the matter.

However, the country's largest lender, the state-run SBI, has still not responded. There were no immediate comments from ICICI Bank and Axis Bank.

According to the report, the applications lured victims to download and use them, either by masquerading as internet applications or e-wallets, promising rewards, including cash back on purchases, free mobile data or interest free loans.

Some even claimed to be providing a too-good-to-be-true service, enabling users to withdraw cash from an ATM and have it delivered to their doorstep. "Deceptive malware may have stolen thousands of Indian sub-continent bank customers account data or credit card numbers," said Pankaj Kohli, threat researcher, SophosLabs.

Fake applications are not new to Android and this sort of malware will continue to find its way into the android application store, it said.

Also read: Now Apps Can Track You Even After You Uninstall Them