A severe security weakness withing the Google Android OS has been found, allowing cyber-thieves to create applications, which can steal users banking logins.
The bug, found by a third party has been analysed to understand the implications it has on users.
Basically, it will allow the thieves to create fake log in screens that can be inserted into legitimate apps, therefore ensuring the users confidence.
Google has now said it will be taking severe actions to unsure the issue is fixed and the loophole closed.
“It targeted several banks in several countries and the malware successfully exploited end users to steal money,” Tom Hansen, chief technology officer of Norwegian mobile security firm Promon, which found the bug.
“We’d never seen this behaviour before,”
“As the operating system gets more complex it’s hard to keep track of all its interactions,” he said. “This looks like the kind of thing that gets lost in that complexity.”
Promon has worked with US security firms to scan all apps added to the Android Play Store.
Google has now said, “We appreciate the researchers’ work, and have suspended the potentially harmful apps they identified.”
“Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”