Malicious Android app steals Malaysian bank credentials, MFA codes
2021-12-01 18:33

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.

Multiple fake or cloned websites and social media accounts promote the malicious APK, 'Cleaning Service Malaysia.'

Upon installing the app, users are asked to approve no fewer than 24 permissions, including the risky 'RECEIVE_SMS,' which allows the app to monitor and read all SMS texts received on the phone.

Once launched, the malicious app will display a form asking the user to reserve a house cleaning appointment.

The requested permissions also indicate something is not right, as a cleaning service app does not have a legitimate reason to request access to a device's texts.

Always review the requested permissions carefully and do not install an app that is asking for greater privileges than it should require for its functionality.
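
The permission review described above can also be run against a decoded AndroidManifest.xml before an APK is ever installed. The following is an added example, not code from the original article; the sample manifest, the package name, the allow-list of expected permissions and the count threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose SMS traffic, and with it SMS-delivered MFA codes.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

# Constructed sample: decoded manifest of a hypothetical booking app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleaning">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Cleaning booking (constructed)"/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def triage(manifest_xml, expected, max_count=10):
    """Compare declared permissions with what the app's stated purpose needs.

    expected  -- reviewer's allow-list for this kind of app (assumption)
    max_count -- count above which the request list is flagged (assumption)
    """
    perms = requested_permissions(manifest_xml)
    return {
        "count": len(perms),
        "too_many": len(perms) > max_count,
        "sms_access": sorted(perms & SMS_PERMISSIONS),
        "unexpected": sorted(perms - set(expected)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, expected={"android.permission.INTERNET"}))
```

Any non-empty `sms_access` result for an app with no messaging function is the mismatch the article warns about.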


News URL

https://www.bleepingcomputer.com/news/security/malicious-android-app-steals-malaysian-bank-credentials-mfa-codes/