Android Trojans imitate legitimate apps

SlemBunk family of Trojans designed to imitate financial services apps


FireEye recently identified a series of Android Trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, including some of the biggest banks in the world.

Known as 'SlemBunk', this family of Trojan apps has been observed covering North America, Europe, and the Asia Pacific region. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched, FireEye said.

While instances of SlemBunk have not been observed on Google Play, users will get infected if the malware is downloaded from a malicious website. SlemBunk samples exhibit a range of characteristics: running in the background and monitoring the active running processes; detecting the launch of specified legitimate apps and intelligently displaying corresponding fake login interfaces; hijacking user credentials and transmitting them to a remote command-and-control (CnC) server; harvesting and exfiltrating sensitive device information to the CnC servers; receiving and executing remote commands sent through text messages and network traffic; and persisting on the infected device via device administrator privilege.
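For defenders triaging sideloaded apps, the behaviours listed above can be turned into a manifest check. The following is an added example, not FireEye's detection logic: the mapping from behaviours to Android permissions, the scoring threshold and the function names are assumptions, and the manifest is assumed to be already decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ADMIN = "requests device administrator"

# Assumed mapping of the reported behaviours to manifest permissions.
SIGNALS = {
    "android.permission.GET_TASKS": "monitors running apps",
    "android.permission.RECEIVE_SMS": "receives SMS (possible command channel)",
    "android.permission.READ_PHONE_STATE": "reads device identifiers",
}

def triage_manifest(manifest_xml):
    """Return the sorted behaviour signals found in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        label = SIGNALS.get(perm.get(NS + "name"))
        if label:
            found.add(label)
    # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and
    # listens for the DEVICE_ADMIN_ENABLED action.
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        if (rcv.get(NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            found.add(ADMIN)
    return sorted(found)

def is_suspicious(findings):
    """Flag device admin combined with at least two other signals."""
    return ADMIN in findings and len(findings) >= 3

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
SUSPICIOUS = HEAD + """
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN = HEAD + '<uses-permission android:name="android.permission.READ_PHONE_STATE"/></manifest>'

if __name__ == "__main__":
    print(triage_manifest(SUSPICIOUS), is_suspicious(triage_manifest(SUSPICIOUS)))
```

Each signal on its own is common in legitimate apps; the check only flags the combination, and a hit is a prompt for manual review rather than a verdict.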


Since its debut, SlemBunk has gone through several iterations, with each one raising the bar of sophistication by adding more advanced capabilities. While financial gain is the primary goal of this malware, SlemBunk is also interested in user data. This is reflected by its attempt to hijack the login credentials of high-profile Android applications, including popular social media apps, utility apps and instant messaging apps. Among all the specified apps, banks in Australia are among SlemBunk's favourites, with banks in the United States coming in second.

"The rise and evolution of the SlemBunk Trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps that are not a part of the official app store," said the vendor in a statement.

