Android Trojans imitate legitimate apps

SlemBunk family of Trojans designed to imitate financial services apps


FireEye recently identified a series of Android Trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, including some of the biggest banks in the world.

Known as 'SlemBunk', this family of Trojan apps has been observed covering North America, Europe, and the Asia Pacific region. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched, FireEye said.

While instances of SlemBunk have not been observed on Google Play, users will get infected if the malware is downloaded from a malicious website. SlemBunk samples exhibit a range of characteristics such as running in the background and monitoring the active running processes, detecting the launch of specified legitimate apps and intelligently displaying corresponding fake login interfaces, hijacking user credentials and transmitting them to a remote command-and-control (CnC) server, harvesting and exfiltrating sensitive device information to the CnC servers, receiving and executing remote commands sent through text messages and network traffic, and persisting on the infected device via device administrator privilege.
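For defenders triaging sideloaded apps, the characteristics listed above can be turned into a static manifest check. The sketch below is an added example, not FireEye's detection logic. It assumes the AndroidManifest.xml has already been decoded to text, and the mapping from each behaviour to a manifest entry, the review threshold and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the reported behaviours to manifest permissions.
PERMISSION_TRAITS = {
    "android.permission.GET_TASKS": "monitors running apps",
    "android.permission.RECEIVE_SMS": "receives commands over SMS",
    "android.permission.INTERNET": "talks to a remote server",
    "android.permission.READ_PHONE_STATE": "reads device information",
}

def manifest_traits(manifest_xml):
    """Return the set of behaviour traits a decoded manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    traits = set()
    for node in root.iter("uses-permission"):
        trait = PERMISSION_TRAITS.get(node.get(ANDROID + "name"))
        if trait:
            traits.add(trait)
    # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask
    # the user for device administrator rights (the persistence trait).
    for receiver in root.iter("receiver"):
        guard = receiver.get(ANDROID + "permission")
        if guard == "android.permission.BIND_DEVICE_ADMIN":
            traits.add("requests device administrator")
    return traits

def needs_review(manifest_xml, threshold=4):
    """Flag an app when it combines at least `threshold` traits."""
    return len(manifest_traits(manifest_xml)) >= threshold

# Constructed samples: neither manifest comes from a real app.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPICIOUS = f"""<manifest {NS} package="com.example.updater">
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application><receiver android:name=".Admin"
    android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, needs_review(xml), sorted(manifest_traits(xml)))
```

Each entry is common in legitimate apps on its own, so the check scores the combination and is meant to prioritise manual review, not to deliver a verdict.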


Since its debut, SlemBunk has gone through several iterations, with each one raising the bar of sophistication by adding more advanced capabilities. While financial gain is the primary goal of this malware, SlemBunk is also interested in user data. This is reflected by its attempt to hijack the login credentials of high-profile Android applications, including popular social media apps, utility apps and instant messaging apps. Among all the specified apps, banks in Australia are among SlemBunk's favourites, with banks in the United States coming in second.

"The rise and evolution of the SlemBunk Trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps that are not a part of the official app store," said the vendor in a statement.

