Urgent warning for Android owners over one malicious app

Android device owners are being warned of a malicious app that may be accessing personal banking information.

Cyber experts warn the seemingly innocent to-do list application, known as the Todo: Day Manage, may be stealing your banking login.

Their advice: check your phone immediately to make sure it is not installed.

Watch the latest News on Channel 7 or stream for free on 7plus >>

According to researchers at Zscaler ThreatLabz, the app installs a banking Trojan malware called Xenomorph.

This malware is designed to hijack your login info from your banking apps.

It can even read your SMS messages, researchers say.

It may also allow the app to intercept your two-factor verification codes.

“This is the latest in a disturbing string of hidden malware in the Google Play Store,” the Zscaler cyber experts warned.

The Android app also makes itself intentionally difficult to delete, the experts added.

“Our analysis found that the Xenomorph banking malware is dropped from GitHub as a fake Google Service application upon installation of the app,” Zscaler experts said.

“It starts with asking users to enable access permission.

“Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone.”

If a user has not given permission to the application then it can be uninstalled safely.

The alternative is backing up files and factory resetting your phone to clear the app completely.