Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps, Says FireEye

FireEye has recently identified a series of Android Trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, including some of the biggest banks in the world.
Known as “SlemBunk,” this family of Trojan apps has been observed covering North America, Europe, and the Asia Pacific region. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched.

While instances of SlemBunk have not been observed on Google Play, users can be infected if the malware is downloaded from a malicious website. SlemBunk samples exhibit a range of behaviours: running in the background and monitoring the active processes; detecting the launch of specified legitimate apps and displaying the corresponding fake login interface; hijacking user credentials and transmitting them to a remote command-and-control (CnC) server; harvesting and exfiltrating sensitive device information to the CnC servers; receiving and executing remote commands sent through text messages and network traffic; and persisting on the infected device via device administrator privilege.
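As an added defender-side illustration (not from the FireEye report), the script below triages two of the indicators named above, sideloaded installation and device administrator privilege, by parsing constructed samples of `adb shell pm list packages -i` and `adb shell dumpsys device_policy` output. The dumpsys layout, the sample package names and the system-app prefixes are assumptions.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `adb shell pm list packages -i` output (not real device data).
PM_LIST_SAMPLE = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.fakeflash.update  installer=null
package:com.android.settings  installer=null
"""

# Constructed sample of `adb shell dumpsys device_policy` output (layout assumed).
DEVICE_POLICY_SAMPLE = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.fakeflash.update/.AdminReceiver:
      uid=10231
      testOnly=false
      policies:
        force-lock
        wipe-data
"""

PLAY_STORE_INSTALLER = "com.android.vending"
PM_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
ADMIN_LINE = re.compile(r"^\s+([\w.]+)/(\S+):$")  # "<package>/<receiver>:" under the admins header


def parse_installers(pm_output: str) -> Dict[str, str]:
    """Map package name -> installer package ("null" when sideloaded or preinstalled)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def parse_device_admins(dumpsys_output: str) -> Set[str]:
    """Collect package names that own an enabled device-admin receiver."""
    admins, in_section = set(), False
    for line in dumpsys_output.splitlines():
        if "Enabled Device Admins" in line:
            in_section = True
            continue
        m = ADMIN_LINE.match(line) if in_section else None
        if m:
            admins.add(m.group(1))
    return admins


def suspicious_packages(pm_output: str, dumpsys_output: str,
                        system_prefixes=("com.android.", "com.google.")) -> List[str]:
    """Device admins not installed from Google Play, ignoring stock system apps (prefixes assumed)."""
    installers = parse_installers(pm_output)
    return sorted(pkg for pkg in parse_device_admins(dumpsys_output)
                  if installers.get(pkg, "null") != PLAY_STORE_INSTALLER
                  and not pkg.startswith(system_prefixes))
```

On a real handset, pipe the two adb commands into these functions; a flagged package is a lead to investigate, not proof of infection.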

The rise and evolution of the SlemBunk Trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organized efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps from outside the official app store.