CASHING OUT

Urgent warning for millions of Android phone owners – your bank could be emptied

ANDROID users have been warned of a fake app copycatting a popular video chat platform.

Victims have been duped into downloading an Android version of Shagle, a free adult chat site.

Advertisement
Real site vs fake site - both look exactly the sameCredit: ESET

But here's the thing - Shagle doesn't have an app.

Not on Android, nor on iPhone.

It's entirely web-based through your web browser, like Chrome.

People who have downloaded the app risk giving away a whole host of personal information from your phone away to hackers, which could eventually be used to raid your bank accounts.

Advertisement

Experts from ESET uncovered the fake ripoff on a website impersonating Shagle.

Fortunately it never made its way onto the Google Play Store.

But what made it all the more convincing is that it was a functional app.

Cyber crooks pulled it off by turning the app into a trojanized version of the Android Telegram app.

Advertisement

Most read in Tech

APP-SURD!
FURY as Uber makes major change to app - customers warn it's 'extremely scary'
BONE TO PICK
World's oldest lizard fossil stuns scientists after being unearthed in BRISTOL
POD OF BLOOD
Orcas declare WAR on world’s biggest sharks as they kill massive sea beasts
FRIEND OR FOE?
Footprints reveal TWO species of humans had shock encounter 1.5m years ago

With it, they can record phone calls, collecting SMS messages, see lists of numbers you've called, access your contact list, and much more.

And if it's allowed accessibility services, the app can even get hold of stuff from apps such as Gmail and Messenger.

Experts believe the so-called StrongPity group are behind the campaign.

"The mobile campaign operated by the StrongPity APT group impersonated a legitimate service to distribute its Android backdoor," ESET researchers said.

Advertisement

"StrongPity repackaged the official Telegram app to include a variant of the group’s backdoor code."

Fortunately, ESET says the site distributing the fake app is no longer active.

But it serves as an important reminder to all.

Never download apps onto your Android devices from the wider web.

Advertisement

Always go through the Google Play Store - or your smartphone's bespoke app store.

That way you are far less likely to stumble across something malicious.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.



We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk

Advertisement

Topics
Advertisement
machibet777.com