Hey Guys,

Researchers from Bitdefender have uncovered four more apps that pretend to be helpful file explorers and cleaner apps. Still, in reality, they infect your phone with malware designed exclusively to empty your bank account. The malware does this by extracting your banking passcodes from your device and intercepting any two-factor authentication messages your bank sends. This malware is spread via dropper apps. A dropper app is an app that gets published in the play store as a fully trusted app. They pass all of the security checks, and at a glance, they look legitimate. However, as soon as they get published, they immediately connect to their command and control server, downloading a malicious portion (a payload) that turns the app into malware.

This malware has been programmed to steal banking credentials from the following banking applications:

  • Barclays
  • Bank of Ireland Mobile Banking
  • The Co-operative Bank
  • AIB (NI) Mobile
  • Permanent TSB
  • MBNA Mobile App
  • Mobile Bank UK – Danske Bank
  • Barclaycard
  • Tesco Bank and Clubcard Pay+
  • Virgin Money Mobile Banking
  • Smile – the internet bank
  • Starling Bank – Mobile Banking
  • Metro Bank
  • Santander Mobile Banking
  • HSBC UK Mobile Banking
  • TSB Mobile Banking
  • Bank of Scotland Mobile App
  • Halifax Mobile Banking
  • Lloyds Bank Mobile Banking
  • Banca MPS
  • NewExtraMobileBank
  • RelaxBanking Mobile
  • BNL
  • Hello Bank!
  • ING Italia
  • SCRIGNOapp
  • BancoPosta
  • Intesa Sanpaolo Mobile
  • Intesa Sanpaolo Business
  • Intesa Sanpaolo Private
  • Fineco
  • Credit
  • BMO Mobile Banking
  • Alfabeto Banking
  • YouApp – Mobile Banking
  • CheBanca!

Please check your phone to see if you have any of these installed and if you do, remove them straight away:

  • X-File Manager
  • FileVoyager
  • Phone AID, Cleaner, Booster
  • LiteCleaner M

Let me know if you need any help.

All the best,

Max Roberts,
Incognito Privacy Care Team