Latest Updates: Scam Applications Target CommBank, ANZ

LATEST UPDATES – There were more than a thousand of CommBank and ANZ customers who handed out their log-in details and credit card numbers after downloading suspicious banking applications.

For several weeks, these fake applications were undetected in the Google Play store. They were installed more than a thousand times before ESET, an IT security research firm, flagged warnings. This was according to The Age’s Thursday report.

ESET senior research fellow Nick FitzGerald said that these apps were found during routine checks. Moreover, FitzGerald mentioned that it was rare for fake banking apps to pass the automated Google Play system.

These fake CommBank and ANZ apps had basic functionality such as requesting credit card details or log-in credentials. These features may have helped them to pass through the system.

“The apps use obfuscation, which may have contributed to them slipping into the store undetected. This is a big concern for anyone who may have handed over personal information. The loss of personally identifiable information can result in the financial fraud that may affect you for the rest of your life very negatively,” FitzGerald said.

He added that similarities of code from these fake apps suggest they came from the same attacker.

Based on the report, the scam apps also targeted CommBank-owned Auckland Savings Banks and other banks in Switzerland, UK, Poland, and European cryptocurrency exchange Bitpanda.

However, a Google spokesperson refused to answer as to how many times the apps were downloaded, or how they passed through the Google Play store.

“We remove applications that violate our policies, such as apps that are illegal or that promote hate speech. We don’t comment on individual applications — you can check out our policies for more information,” he said.

These scam cases will fall outside the new mandatory data-breach notification scheme in Australia that passed into law earlier this year.

CommBank, ANZ guarantee security for customers against scams

As per a CommBank spokeswoman, customers’ banking details was the bank’s “top priority.”

“We proactively monitor app stores, and use customer feedback, to identify potential security risks for our customers. Once a suspicious app is identified, we work with the app store to ensure the app is quickly removed or disabled. To protect our customers, we offer the benefit from our 100 percent Security Guarantee against unauthorized transactions where customers are not at fault.” she said.

Meanwhile, an ANZ spokeswoman said that was having a continuous monitoring for fake ANZ applications and latest security scams.

“In June 2018 via a customer, we became aware of a fraudulent app called ANZ PayOnGO being advertised on Google Play. We worked closely with the Google Play team to have the app removed in a few hours,” she said.