FireEye recently identified a series of Android Trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, including some of the biggest banks in the world.
Known as ‘SlemBunk', this family of Trojan apps has been observed covering North America, Europe, and the Asia Pacific region. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched, FireEye said.
While instances of SlemBunk have not been observed on Google Play, users will get infected if the malware is downloaded from a malicious website. SlemBunk samples exhibit a range of characteristics such as running in the background and monitoring the active running processes, detecting the launch of specified legitimate apps and intelligently displaying corresponding fake login interfaces, hijacking user credentials and transmitting to a remote command-and-control (CnC) server, harvesting and exfiltrating sensitive device information to the CnC servers, receiving and executing remote commands sent through text messages and network traffic, and persisting on the infected device via device administrator privilege.
Continues on next page
Since its debut, SlemBunk has gone through several iterations, with each one raising the bar of sophistication by adding more advanced capabilities. While financial gain is the primary goal of this malware, SlemBunk is also interested in user data. This is reflected by its attempt to hijack the login credentials of high-profile Android applications, including popular social media apps, utility apps and instant messaging apps. Among all the specified apps, banks in Australia are among SlemBunk's favourites, with banks in the United States coming in second.
"The rise and evolution of the SlemBunk Trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps that are not a part of the official app store," said the vendor in a statement.