Android device owners are being warned about a malicious app that may have access to personal banking information.
Cyber experts warn that the seemingly innocuous to-do list application known as Todo: Day Manage may be stealing your banking information.
Their advice: immediately check your phone to make sure it’s not installed.
Watch the latest news on Channel 7 or stream for free on 7plus >>
According to Zscaler ThreatLabz researchers, the app installs a banking Trojan malware called Xenomorph.
This malware is designed to hijack your banking app credentials.
It can even read your text messages, researchers say.
It can also allow the app to intercept your two-factor authentication codes.
“This is the latest in a disturbing series of hidden malware in the Google Play Store,” Zscaler’s cyber experts warned.
The Android app also deliberately makes itself difficult to uninstall, the experts added.
“Our analysis revealed that upon installation of the app, the Xenomorph banking malware is removed from GitHub as a fake Google Service application,” said Zscaler experts.
“It starts with asking users to enable access rights.
“Once provided, it adds itself as a Device Admin and prevents users from disabling Device Admin, allowing it to be removed from the phone.”
If a user has not consented to the application, it can be safely removed.
The alternative is to backup files and factory reset your phone to completely erase the app.