Look out for this fake weather app that steals your mobile banking credentials


Android users have been warned about downloading a fake weather app designed to spread malware and steal banking details.

The fake Good Weather app, which was available to download from the Google Play Store, mimicked the official app of the same name and was used to spread the Trojan.Android/Spy.Banker.HU malware.

According to online security firm ESET, once the fake weather app is installed on the victim’s device, its icon disappears and the malware starts to request administrative access to initiate a “system update”.

The “system update” requests access to “Change the screen unlock password” and control the lock screen.


By launching the update, the user has essentially locked themselves out of their own phone and the malicious activity is then executed.

“The trojan displays a fake login screen once the user runs one of the targeted banking apps and sends entered data to the attacker,” ESET researcher Lukas Stefanko wrote in a blog post.

“As for the device locking, we suspect this function enters the picture when cashing out the compromised bank account, to keep the fraudulent activity hidden from the user.

“Once locked out, all victims can do is wait until the malware receives a command to unlock the device,” he added.


ESET says the app has already been downloaded more than 5,000 times and is currently carrying out attacks on no fewer than 22 Turkish mobile banking apps.

The malware is able to access mobile banking credentials as it can intercept SMS messages on the infected device. This means that the malware is able to access the banking credentials even if the victim has two-step authentication enabled.

Two-step authentication works by sending an SMS message to the recipient with a special passcode that is used to access an online account. It adds an extra layer of security because the user needs to be in possession of the phone and the SMS code in order to access the account in question.

However, this latest malware is able to hijack the SMS and use the code to access the online bank account of the victim.

This malware emphasises the importance of always checking the permissions before you install an app, even if you downloaded it from an official app store.

If you don’t like what the app is requesting then look for an alternative.

You should also make sure you have up-to-date antivirus software installed on your device.
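For analysts who want to apply the permission check described above to an APK, the following added example (not from ESET or the original article) flags the combination this article describes: SMS access together with a device-admin receiver whose policies control the lock screen. It assumes the manifest and device-admin policy file have already been decoded to text XML (for instance with apktool), that `reset-password` and `force-lock` are the policies behind the "system update" prompts, and the package and receiver names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
LOCK_POLICIES = {"reset-password", "force-lock"}  # change unlock password / lock screen

# Constructed sample (hypothetical package), not taken from the real malware.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".UpdateReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/policies"/>
    </receiver>
  </application>
</manifest>"""
POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><reset-password/><force-lock/></uses-policies>
</device-admin>"""

def audit(manifest_xml, policies_xml=None):
    """Report SMS access, device-admin receivers and lock-related admin policies."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    admins = [r.get(A + "name") for r in root.iter("receiver")
              if r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"]
    policies = set()
    if policies_xml:
        for block in ET.fromstring(policies_xml).iter("uses-policies"):
            policies.update(child.tag for child in block)
    report = {
        "sms": sorted(perms & SMS_PERMS),
        "admin_receivers": admins,
        "lock_policies": sorted(policies & LOCK_POLICIES),
    }
    # The combination this article describes: SMS access plus lock-screen control.
    report["high_risk"] = bool(report["sms"] and admins and report["lock_policies"])
    return report

if __name__ == "__main__":
    print(audit(MANIFEST, POLICIES))
```

A weather app has no functional need for either capability, so any non-empty field in the report is worth a closer look even when `high_risk` is false.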

