Cybersecurity News that Matters

Cybersecurity News that Matters

Fake apps disguised as government programs being employed to steal personal information

Illustration by Daeun Lee, The Readable

by Minkyung Shin

Jul. 08, 2024
9:07 PM GMT+9

Fake applications posing as government programs on Google Play Store, including one named ‘The Gyeonggi Pass,’ falsely promise to support users’ transportation fees while aiming to steal personal information and money, according to a Gyeonggi official.

Locating the city of Seoul in the heart of the area, Gyeonggi-do is the most populated province in South Korea. Just more than 14 million people reside in Gyeonggi province as of December 2023, according to the official statistics of the province, which excludes 9.3 million citizens of Seoul.

On Monday, the Gyeonggi Provincial Office revealed that fake apps impersonating the province’s service program exist in Google Play Store, an application market for Android devices. The app named ‘The Gyeonggi Pass’ falsely claims to support the transportation fees of Gyeonggi citizens. However, the province provides the service through an application called ‘K-Pass’, not ‘The Gyeonggi Pass’.

According to the provincial office, four fake applications were uploaded to the market, one of which has garnered more than 10,000 downloads. The fraudulent application provides information about the supposed benefits of ‘The Gyeonggi Pass’ and responds to user inquiries. However, to access information, users are required to enter personal details. Moreover, during this process, the application prompts users to sign up for payments.

According to a spokesperson from the provincial office, officials have recently received a significant number of complaints about payments made to the app, falsely believed by citizens to be affiliated with Gyeonggi Province. The complainants had already made payments to the fake service and were contacting the office to verify the status of their funds and the legitimacy of the program. However, the spokesperson noted that the exact number of complaints and the total amount of money involved are currently unreported.

The Gyeonggi Provincial Office reported the applications to Google Play for removal, but the market stated they could not take action against the maker because they did not violate any of Google Play’s regulations. Additionally, Google Play does not necessarily disclose the identities of attackers who create fake applications. And in this case, they did not.

The Readable reached out to Park Choon-sik, a professor in the Department of Cybersecurity at Ajou University, for assistance in understanding and gaging the severity of this incident.

Park emphasized the need for stronger regulations to prevent the impersonation of government applications, adding that such measures are essential in safeguarding users from fraudulent activities that could undermine trust in government services.

Park also urged caution on the part of all users when downloading apps, stating, “Not only individuals, but also governments and companies must remain vigilant. Everyone needs to keep an eye out for impersonation and phishing applications, to take a proactive role in ensuring their own safety and the safety of their places of work.”

Related article: Bogus app targets South Korean Android users’ financial information, experts alert

Illustration by Areum Hwang, The Readable

A malicious application disguised as a utility and productivity tool has targeted South Korean Android users, aiming to steal their financial information, including banking usernames and passwords.

On Thursday, the Financial Security Institution (FSI), which is responsible for responding to cyber threats in the financial services sector in South Korea, warned that a bogus application named ‘Anatsa’ has targeted 688 finance-related apps in 54 countries, including South Korea, in an attempt to steal users’ banking and financial information.

Anatsa is an Android-based malicious application, also known as TeaBot, that launched a financial theft attack against European financial applications in early 2021.

According to the FSI, hackers disseminated the Anatsa app by disguising it either as a PDF reader or QR code scanner and then uploading it to Google Play. When users downloaded the app, they encountered no initial difficulties, as it appeared and functioned normally. However, once users responded to a prompt to update the app, the Anatsa malware program was installed. READ MORE


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Minkyung Shin

    Minkyung Shin serves as a reporting intern for The Readable, where she has channeled her passion for cybersecurity news. Her journey began at Dankook University in Korea, where she pursued studies in...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights