Android ‘spoofing’ bug targets bank accounts
Banking apps were hit by cyber-thieves who spoofed login pages to steal account details.
The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data. More than 60 financial institutions have been targeted by the technique, a survey of the Play store indicated. Source: https://www.bbc.com/news/technology-50605455
News Insights:
Craig Young, computer security researcher for Tripwire’s VERT (vulnerability and exposure research team): “UI redressing vulnerabilities can be particularly dangerous in mobile platforms where there are typically already fewer on-screen indicators to confirm what site a user is interacting with. In general, users must be careful about installing apps which request the screen overlay permission or require accessibility settings. Where available, users should also make sure that the ‘Verify Apps’ setting is enabled in Android’s security settings.”