Security researcher Joshua Shilko says phishing apps targeting some of the world’s biggest payment services have slipped past screening and landed on Google Play.
Shilko says he’s aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites.
Shilko did not name the affected payment sites but one appears to be U.K. based payment firm Neteller.
There is no suggestion the firms are at fault; rather it is the clever but basic design of the apps as a malicious mobile web page rather than a heavier malware .apk that could be part of the attacker’s success. Google’s part of the problem too: Shilko says the company can take “several days” to act on user fraud reports.