Cybersecurity firm Avast announced at MWC 2018 the results of a new global research study concerning malware, the mobile banking kind, and the results aren’t particularly enthusiastic.

Apparently, some 36% of respondents mistook a fake mobile banking app interface for the real one, which means one in three users might be at risk of having their financial data stolen.

Avast explained it surveyed almost 40,000 consumers in 12 countries around the world, including U.S., UK, France, Germany, Russia, Japan, Mexico, Argentina, Indonesia, Czech Republic, Brazil, and Spain. They were asked to compare the authenticity of official and counterfeit mobile baking apps. Avast used mobile apps for various banks around the world, including Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank, which happen to have been targeted by cybercriminals.

About two in five survey respondents (43%) said they use mobile apps, Avast reports. 30% of those people who said they don’t bank on mobile devices mentioned the lack of security as the leading concern.
Some 58% of respondents identified the official mobile app as fraudulent, while 36% thought the fake one was the real thing. For Spain, the numbers are at 67% and 27%, respectively. And that’s 40% and 42%, respectively, for US mobile users.

The survey also found that users are more concerned about having their bank account hacked than losing a waller or a purse or having their social media accounts hacked. That’s hardly a surprising finding.

Avast said that mobile malware that targets financial application has increased in sophistication, and hackers are able to create fake landing pages that look like the real thing.

Last November, Avast in cooperation with Eset and SfyLabs discovered a new strain of the BankBot Trojan in the Google Play store, disguised as flashlight and Solitaire apps. Once downloaded, these apps would create a fake overlay on top of a real mobile banking application when the user opened the banking app. The purpose of the fake interface is to collect user data that would then allow hackers to steal credentials.

“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones. Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them”, Senior Vice President and General Manager of Mobile at Avast said.

While Avast singled out Android in the announcement, the company did warn both Android and iPhone users to be extra vigilant when downloading new mobile apps.