BANK ON IT

All Android users warned to delete app right now – it steals your banking login

ANDROID phone owners are being warned over a dangerous app that steals your banking login.

You need to check your phone immediately to make sure it's not installed, cyber-experts say.

Advertisement
The Todo Day Manager app has been flagged as dangerous by cyber-expertsCredit: Google / Zscaler

The app is called Todo: Day Manager, and has been slammed by security specialists.

It installs a banking trojan malware called Xenomorph, according to researchers at .

This can hijack your login info from banking apps, and can even read your SMS messages.

That allows the app to intercept your two-factor verification codes (typically delivered over text) to raid your logins – and bank account.

Advertisement

"This is the latest in a disturbing string of hidden malware in the Google Play store," the cyber-experts warned.

Worse still, the Android app makes itself intentionally difficult to delete.

You need to search your phone for it immediately and uninstall it, cyber-experts say.

"Our analysis found that the Xenomorph banking malware is dropped from GitHub as a fake Google Service application upon installation of the app," said the Zscaler cyber-experts.

Advertisement

Most read in Tech

LET ME IN!
Secret Netflix, WhatsApp and iPhone clubs let you unlock free 'hidden' benefits
APPLE JUICED
iPhone owners say new update kills battery – but it's too dangerous to skip
BANK RAIDER
Horror Android & iPhone mistake lets crooks clone cards for spending sprees
JAWSOME!
Terrifying clip shows what it’s like to be EATEN by a shark

"It starts with asking users to enable access permission.

"Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone."

If you haven't given permissions to the app then you should be able to uninstall it safely.

...

"When searching for an app in the Google Play Store, pay close attention to the search results," Chris explained.

"Look at the apps' icons: fake apps almost always use the icon from the app they're faking. Be suspicious of apps using the same icons. Investigate them closely to find out which is the genuine app.

Advertisement

"Look at the developer’s name. For instance, we know the WhatsApp Messenger app is offered by WhatsApp LLC. The rogue app could show the developer's name as 'Big Bill Johnson LLC,' indicating that something is wrong.

"Look at the app's download count. If you're looking at the WhatsApp app, it should have billions of downloads. If the app has just a few hundred or thousand downloads, that's a good clue that the app is a rogue app.

"Look at the app's description and screenshots. The description may contain multiple spelling or grammar mistakes, or otherwise broken English."

Advertisement

Chris added: "Also, make use of Google Play Protect. Google Play Protect analyses potentially bogus and harmful apps before you download them, and also regularly scans your apps for malware and will alert you to uninstall rogue apps."

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk

Topics
Advertisement
machibet777.com