Ecobank Warns Customers About Fake Mobile Apps Stealing Banking Details
Ecobank Warns Customers About Fake Mobile Apps Stealing Details

Ecobank has issued a security advisory warning its customers about fraudsters using fake mobile applications to steal banking credentials and intercept one-time passwords (OTPs). The bank identified fake sports betting, streaming, banking support, and phone update apps as common disguises used by cybercriminals.

How the Malware Works

In a message to customers, the bank explained that these fraudulent apps are circulated through fake advertisements and pop-up prompts across social media platforms, websites, and messaging applications. Once installed, the malware can seize control of the device without the customer's knowledge. The software can harvest banking login credentials and transaction PINs, intercept incoming SMS messages and OTPs, and execute unauthorised transactions through the customer's registered mobile banking profile—all without requiring the fraudster to change the registered device. This makes the fraud harder to detect early, as account holders may not receive the usual alerts associated with a new device login.

Safety Steps Ecobank Recommends

Ecobank advised that banking applications must only be downloaded through official channels, specifically the Google Play Store or Apple App Store. Customers should never install apps via links shared through social media, emails, websites, or messaging platforms. The bank also warned customers to treat any unexpected on-screen prompt requesting 'system updates,' 'security verification,' or similar actions with suspicion, as these are common tactics used to trick users into granting dangerous permissions.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

The advisory further recommended that customers periodically audit the applications installed on their devices, removing anything unfamiliar or no longer in use. Keeping device operating systems and security software updated was also stressed as a critical line of defence. For anyone who notices unusual account activity or a transaction they did not authorise, Ecobank directed customers to disconnect the affected device from the internet immediately, contact their bank without delay, and formally report the incident. The bank also requested that any suspected phishing messages or spam be forwarded to its dedicated reporting address at assist@ecobank.com.

Broader Context: N10 Billion Cyberattack on Hope Payment Service Bank

Earlier, the Federal High Court in Abuja ordered the freezing of 818 bank accounts for an additional 30 days over an alleged N10 billion cyberattack on Hope Payment Service Bank. The accounts were identified during a police investigation into the cyber heist and are suspected to have received proceeds from the attack. The court granted the extension to enable investigators and the bank to trace and recover funds allegedly diverted through the affected accounts following the July cyberattack.

Pickt after-article banner — collaborative shopping lists app with family illustration