New family of Android Trojans imitates legitimate apps

SlemBunk family of Trojans designed to imitate financial services apps, among others, says FireEye

By Tom Paye. Published December 27, 2015

FireEye recently identified a series of Android Trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, including some of the biggest banks in the world.

Known as 'SlemBunk', this family of Trojan apps has been observed covering North America, Europe, and the Asia Pacific region. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched, FireEye said.

While instances of SlemBunk have not been observed on Google Play, users will get infected if the malware is downloaded from a malicious website. SlemBunk samples exhibit a range of characteristics: running in the background and monitoring the active running processes; detecting the launch of specified legitimate apps and intelligently displaying corresponding fake login interfaces; hijacking user credentials and transmitting them to a remote command-and-control (CnC) server; harvesting and exfiltrating sensitive device information to the CnC servers; receiving and executing remote commands sent through text messages and network traffic; and persisting on the infected device via device administrator privilege.

Since its debut, SlemBunk has gone through several iterations, with each one raising the bar of sophistication by adding more advanced capabilities. While financial gain is the primary goal of this malware, SlemBunk is also interested in user data. This is reflected by its attempt to hijack the login credentials of high-profile Android applications, including popular social media apps, utility apps and instant messaging apps. Among all the specified apps, banks in Australia are among SlemBunk's favourites, with banks in the United States coming in second.

"The rise and evolution of the SlemBunk Trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps that are not a part of the official app store," said the vendor in a statement.
