• The fake Android banking app, dubbed Movil Secure, has racked up hundreds of downloads in just six days.
• The SMiShing campaign is targeting Spanish-speaking users.

A new SMiShing campaign has been observed in the wild, targeting Spanish-speaking users and leveraging a fake Android banking app. The fake app, called Movil Secure, has already racked up hundreds of downloads in just six days.

According to Trend Micro researchers, who discovered the new campaign, the fake Movil Secure app has been cleverly designed, with professional-looking branding, to trick users into believing it is legitimate. The researchers found three other similar fake apps created by the same developer. However, all the fake apps have been removed from the Google Play Store.

“Movil Secure was published on October 19, and there were over 100 downloads in a six-day period. The number of downloads is likely because the app claims to be connected to Banco Bilbao Vizcaya Argentaria (BBVA), a popular Spanish banking group with multinational ties,” Trend Micro researchers said in a report. “This bank is actually known for being pro-technology, and its real mobile banking app is considered one of the industry’s best.”

Movil Secure does not have any of the functionality it claims to possess. In fact, researchers discovered that the fake app is spyware capable of gathering information such as device IDs, OS versions, SMS messages, phone numbers, and more. The spyware also hides from users, making it difficult to remove.

“The actors behind the app have already started using the data they’ve collected for SMiShing attempts. In a post in the app’s reviews section, one commenter said it was a scam that targeted his bank card,” Trend Micro researchers added. “We suspect that the data taken from these apps may be used for further SMiShing attacks, or in other attempts to collect banking credentials from customers of these Spanish banks. So far, we have uncovered the capabilities of this version of the spyware, but we will continue to monitor and track its evolution.”

Cyware Publisher