New Android Trojan Targets Banking Users

Wednesday, July 6th, 2016

Security experts have come across a new series of security threats capable of stealing banking and financial information from Android-based smartphones and tablets. Dubbed SlemBunk, the family of trojans was first discovered by the security firm FortiNet and later analyzed in detail by FireEye Inc. According to FireEye, SlemBunk has affected users of 31 banks, 33 financial organizations and two different payment systems over the past year. And while the trojan has targeted Android users all over the world, users in the United States, Europe and Australia are most vulnerable to it.

Like much other mobile malware, SlemBunk masquerades as a popular app on third-party Android app stores. In addition, users visiting adult websites on their mobile devices can be tricked into installing the trojan via a fake Flash Player update that promises access to adult content. Once installed, the trojan starts collecting information such as the phone number associated with the device, the device's model number, the list of installed apps, bank login credentials, social networking login information, and the messages and contact lists stored on the device. What’s worse, SlemBunk can gain administrator privileges, watch the processes running on the infected device, inject sophisticated login pages into legitimate banking apps and send the stolen information to a remote Command and Control server.

According to FireEye, SlemBunk has gone through several iterations over the past year. The initial versions of the trojan were designed to steal social networking login credentials, but the latest iterations can not only steal banking and financial information, they can also receive instructions from a remote server and execute commands on the infected device. FireEye says it has come across 170 different variations of the SlemBunk trojan. The company also says that the trojan's code (including its Command and Control server information) is constantly being updated by the attackers, which indicates that the trojan is still very much active and infecting a large number of users.

FireEye has also published a detailed blog post on its website describing how the SlemBunk trojan works. According to the blog post, after a device has been infected, the trojan performs a series of actions, including activating a registered receiver, running monitoring services in the background and tricking users into downloading a fake Flash Player update. The trojan also requests admin access and, upon receiving it, removes its icon but continues to run in the background. It even includes sophisticated user interfaces that mimic the login pages of popular banking apps and are activated as soon as those apps are launched.

Since the SlemBunk trojan masquerades as a popular app on third-party app stores, the best way to remain safe from this threat is to download apps only from the official Google Play store. Additionally, you should have a reliable security system on your smartphone or tablet and must never allow websites to install questionable apps or software updates on your mobile device.
