The security experts from ESET company have informed about two new banking trojan applications located in the Google Play store.

The malicious apps made their way into the store disguised as the seemingly harmless apps “Crypto Monitor”, a cryptocurrency price tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.

The apps delivered the promised functionalities but also displayed fake notifications and login forms which appear to be from legitimate banking applications but are actually just phishing pages harvesting credentials. The malicious apps also intercept text messages to bypass SMS-based factor authentication.

According to the ESET post: “After the malicious apps are launched, they compare the apps installed on the compromised device against a list of targeted banking apps – in this case, the official apps of fourteen Polish banks”. The list of the endangered banking apps can be found here.

Fortunately, the malwares do not use any advanced tricks to ensure its persistence on affected devices and can be removed using standard uninstall procedure. The removal of the apps may not necessary be enough, because the cybercriminals might already have access to the victims bank accounts. Therefore, ESET researchers advise the users to change PIN codes and check their bank accounts for suspicious transactions.

To prevent any future problems, the security experts recommend the users to always check app ratings and reviews, pay attention to what permissions you grant to apps, and use a reputable mobile security solution to detect and block latest threats.