MADISON, Wis. (1/13/10)--Credit unions sounded the alarm that suspicious applications downloaded from Google's Android Market for cellphones may have stolen users' online banking information. And the Credit Union Information Security Professionals Association (CUISPA) is alerting credit unions to a fraud attempt in the online banking arena. BayPort CU, a $1.1 billion credit union in Newport News, Va., and First Tech CU of Beaverton, Ore., issued warnings on Dec. 22 about a rogue Android application on Google's online market that promised members easy access to their online banking (Computerworld Jan. 12 and iPhone Central Jan. 11). "It is believed that fraudsters deployed fraudulent mobile banking applications to the Android Marketplace, using a phishing technique to attempt to gain access to mobile banking users' financial information," said BayPort's alert. The suspicious application creates mobile banking apps that members and other users can download to their phones but actually have the ability to steal information. Those who have added the apps should go to their mobile service provider to make ensure the suspicious apps are removed for good. BayPort said it notified Google, and Google removed the program plus 50 similar apps, all written by a single developer identified as "09Droid." However, security researchers have not confirmed whether the Android apps were actually malicious because before they could get copies of the suspicious apps, Google removed them from the market, according to ComputerWorld. The apps could just be someone using a shortcut app to make a quick buck, said the researchers. Google does not vet its Android applications that appear on its online store. Apple runs its App Store for the iPhone and has an approval process for mobile applications. Another kind of fraud in online banking--the Zeus or Zbot--was the topic of warning from CUISPA. The Zbot is a "particularly nasty malware that is bypassing top antivirus/Malware scanners and compromising member accounts," said CUISPA's alert. "Cases have been identified by dozens of credit unions, that we know of. One can assume it is far more widespread than we've currently seen," said Kelly Dowell, executive director at CUISPA. "The malware infects desktops the same way viruses do, but once infected it is very difficult to remove. Initial reports have come in from credit union members that logged into online banking and received a display page asking for additional authentication in the form of credit card information. The key here is the page was displayed after logging into their home banking accounts," said Dowell. "It's important to understand that if the user is seeing that page, the damage is done. The online banking credentials have been compromised and need to be changed immediately," Dowell explained. "The nasty thing about Zeus/Zbot is how it has been morphing or evolving," said Dowell, adding that it hides its presence on the member's machine. It is the same attack that is behind a recent flurry of automated clearinghouse (ACH) fraud. CUISPA has a full report available. Use the link and view the Alerts Forum. Registration for the alerts is free and required to review the report, Dowell said.