On its face, it looks like most of the other mobile banking apps that Android users install.  The graphics are well-done and it's a convincing copy of the banking software that it seeks to emulate. It displays a very accurate corporate logo and also includes a customer support number for the bank.

Here's where it gets interesting.  The number shown is the actual customer support number of the bank, but when the user attempts to call that number, the malware will break the connection and display a dummy call screen which is virtually identical to the real one.

The victim still sees the bank's genuine customer support number on the screen. So, by all outward appearances, nothing has changed. However, the connection that ultimately gets made isn't to a bank employee but one of the hackers controlling the malicious code.

Naturally the representative will be asking for several sensitive pieces of information to "verify the identity" of the victim who's calling in. Then, every bit of the information gathered will be used against the victim later.

If there's a silver lining to be found here it lies in the fact that so far, this app is only offered in Korean. Outside of South Korea you don't see it very often.  If you do business in that part of the world, you may have some exposure to it.

According to Kaspersky Lab, the malware can only be found on third party sites so it hasn't penetrated the Google Play Store.  If you steer clear of those third-party sites for downloading apps even if you do business in South Korea your exposure should be quite limited.

Used with permission from Article Aggregator