200,000 Potential Victims Identified As Malware Disguised As Legitimate Apps Crack Bank Accounts, Warns CIFAS

A prominent fraud prevention service says international crime groups are spreading malware designed to steal victims’ banking information.

The London-based Credit Industry Fraud Avoidance System (CIFAS) says it is witnessing a surge in Android malware attacks targeting banking apps.

CIFAS says  that while the malware targets Android users, other mobile platforms are not immune to attacks, noting that the malicious software may have hit 200,000 victims in just six months.

“These malicious apps often look like legitimate tools – such as file managers, PDF readers, phone cleaners, or even browsers like Google Chrome. Once installed, they can appear harmless but later activate harmful features through hidden updates.

Key techniques criminals use include:

Overlaying fake login screens on top of real banking apps to steal login credentials.

Displaying deceptive ‘busy’ or ‘waiting’ screens to mask fraudulent activity.

Preventing users from exiting the app or restarting their device.

Requesting excessive permissions, especially ‘accessibility’ access.”

According to CIFAS, users should be on the lookout for signs that their phones are infected with malware, including prompts to reauthenticate during a banking session, “busy” messages from banking apps, unexpected notifications to update or install Google Chrome and prompts to grant unusual permissions, particularly accessibility access.

Says CIFAS CEO Mike Haley,

“The surge in Android malware is not just a tech issue – it’s a growing threat to consumers and to banking services we all rely on. Criminals are evolving their tactics faster than ever, using deception and stealth to bypass traditional security measures.

The best defence is awareness. If something feels off – an unexpected update, a strange app request – stop before you tap and always seek a second opinion. Education and vigilance are our frontline tools in the fight against fraud.”