Google Play Store Hosted App Found Hacking Crypto Login Credentials

Published by Cryptoslate

A video published Thursday by security researcher Lukas Stefanko exposed a malicious app hosted on the Google Play store that distributes malware onto unsuspecting users' mobile devices.

In reality, it infects devices with malware designed to harvest their login credentials to legitimate crypto and fiat banking applications.

At the time Stefanko published his video, the app had over 500 downloads.

The developer name on the app is listed as 'hitech soft'.

According to Stefanko, once the app is downloaded, it deploys malware that infects the host device through a fake Adobe Flash update.

On the surface, the malicious app still functions as a currency converter.

The malware program waits for the user to open a targeted banking app, then overlays the screen with one designed to look exactly like the login screen of the actual app and prompts the user to enter their login information.

When running, the infiltrating app can be seen on an Android device when the user toggles through the apps they have open.

Even knowing the app was there, when Stefanko tried to tap back into a legitimate app on his phone, the malware overlaid itself on his screen again.

Keeping an Eye Out

A search through the Google Play store showed the app has been taken down since becoming the subject of Stefanko's video, in which he also explains how to remove the malware once found on a device.
