We have detected a phishing campaign targeting Android developers who are publishing their creations in Google Play, Android’s official app store. The form field in the email comes from “Play Developer Support”, with the subject “Update your Account Information”, as you can see in the following screenshot.
Phishing attacks are designed to steal credentials and users’ identity, that’s why they are extremely popular targeting financial entities and all kind of payment platforms’ customers. This case, however, it is different in the sense that they are not looking to siphon the victims account, the want those credentials because they can use them to spread malware through Google Play.
