A fake Android app posing as a “Cleaning Service Malaysia” is stealing online banking credentials from eight Malaysian banks. The app is promoted through fake websites and newly created social media accounts.
The malicious app displays a reservation form for a house cleaning appointment. Once the victim provides all the information asked on the reservation form, it will proceed to ask users to login from their respected banks using a fake login form that looks like the original bank form. Any card credentials entered on the fake login will be sent directly to hackers.
Things to remember:
- Only download apps from the Google Play Store.
- Carefully review permission requests and avoid installing apps that request more privileges than it should require for its functionality.
- Check the website address in every form that asks you for personal or financial details to verify you interact with the real service you trust.
- Always search for reviews / comments online about new companies or services you want to try out. other customers experiences may prevent being scammed.
Source: BleepingComputer – Malicious Android app steals Malaysian bank credentials, MFA codes
