Android users warned to delete app that steals bank info

The app appears genuine but is laced with malware that can intercept data on your device.


It would appear Android users are having quite the year as new discoveries of malicious apps are being made on a regular basis. Cybersecurity experts are warning of a new app that can intercept your login credentials from banking apps and could even read your text messages. And the worst part is that this app is difficult to delete.


Todo: Day Manager

The malicious program targeting banking information is hidden in an app called Todo: Day Manager, which is available on the Google Play Store, researchers at Zscaler ThreatLabz have said. As far back as February this year, industry watchers raised the alarm that the malware was being developed and had at least 50 European banks on its target list. Apart from this latest app, the malware has been attached to other similarly innocuous-looking applications and has been installed on numerous Android devices.

It operates by hijacking login credentials from banking apps. Because it can also read SMS messages, it can intercept your two-factor verification codes, which are typically sent via text or through your banking app. According to cyber experts at Zscaler:

"It starts with asking users to enable access permission. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone."

Cautious downloads

Depending on the permissions you have granted to the app, you may have to back up your files and wipe your device with a factory reset to get rid of it. Cyber expert Chris Hauk, who is Consumer Privacy Advocate at Pixel Privacy, is quoted by the Mirror as giving this advice on how to avoid sneaky apps:

"Look at the apps' icons: fake apps almost always use the icon from the app they're faking. Be suspicious of apps using the same icons. Investigate them closely to find out which is the genuine app."

"Also, keep an eye out for the name of the developer, number of downloads (a few hundred or thousand downloads, that's a good clue that the app is a rogue app), and its description and screenshots (especially grammar mistakes or broken English are dead giveaways of a malicious app)," Hauk added.

Sources used:

Mirror: All Android users warned to delete app right now - it steals your banking login

PC Risk: Removing Xenomorph banking malware from your Android device

Bleeping Computer: New Xenomorph Android malware targets customers of 56 banks
