Mobile users are being urged to “stop before you tap” in a warning about malicious apps that trick people into downloading malware onto their phone, putting their personal and finance information at risk.
Anti-fraud, cybersecurity and finance organisations are highlighting a “surge” in Android malware.
They want people to be on the lookout for unexpected updates or “strange” app requests.
Malicious apps may mimic legitimate tools to steal banking details.
The Cyber Defence Alliance (CDA), UK Finance, Cifas, and ThreatFabric have joined forces to highlight the problem.
In some cases, malicious apps may look like file managers, PDF readers, phone cleaners, or even browsers like Google Chrome, the organisations said.
Once installed, they can appear harmless but later activate harmful features through hidden updates.
Criminals may use techniques which overlay fake login screens on top of real banking apps to steal login credentials.
Deceptive “busy” or “waiting” screens may be displayed to mask fraudulent activity.
People may also be prevented from exiting the app or restarting their device.
They may find that excessive permissions such as “accessibility” access are requested.
People are being urged by the organisations to be vigilant particularly when being prompted to re-authenticate during a banking session; encountering unresponsive banking apps showing “busy” messages, installing generic-looking apps such as file managers or phone cleaners; receiving unexpected prompts to install or update Chrome; and being asked to grant unusual permissions, particularly accessibility access.
International crime groups are at heart of mobile attacks, the organisations said, adding that users in general should be vigilant.
Han Sahin, CEO of ThreatFabric, said: “Just as we’ve learned to be cautious with links, we now need the same vigilance when installing apps. This is the logical next step in staying safe, and public awareness is crucial.”
Garry Lilburn, operations director at CDA, said: “This crime highlights the growing prevalence and sophistication of mobile malware.
“As we work to better understand and disrupt this evolving threat, it’s crucial that financial consumers stay vigilant, follow recommended security tips, and take a moment to verify what’s in front of them – before becoming the next victim of this highly targeted fraud.”
Dianne Doodnath, principal of economic crime at UK Finance, said: “We encourage customers to stay alert to all threats of fraud, including the potential for criminals to trick people into downloading malware onto phones which could put your personal and finance information at risk of theft.
