Wema Bank has warned customers against downloading fake mobile applications disguised as legitimate services, saying cybercriminals are increasingly using them to steal banking details, intercept one-time passwords (OTPs), and carry out unauthorised transactions.
In an advisory issued to customers on Thursday, the bank said fraudsters are using fake advertisements and pop-up prompts on social media, websites, emails, and messaging platforms to trick users into installing malicious applications.
According to the bank, the malware is often disguised as sports betting, live score, streaming, utility, banking support, or phone update apps. Once installed, it can take control of a user’s mobile device, steal banking credentials and transaction PINs, intercept SMS messages and one-time passwords, and initiate unauthorised transactions through the customer’s registered mobile banking profile.
Wema Bank advised customers to download applications only from official platforms such as the Google Play Store and Apple App Store and to avoid installing apps through links or pop-up advertisements.
The bank also urged customers to be cautious of unexpected prompts requesting system updates or security verification, regularly review and remove unfamiliar applications from their devices, and keep their operating systems and security software updated.
It advised customers who notice suspicious activity or unauthorised transactions to disconnect their devices from the internet immediately, contact the bank, and report the incident.
The lender encouraged customers and financial institutions to report suspected phishing attempts and spam messages to their respective fraud or information security teams to help combat cyber fraud across the financial services sector.











