IT security firm FireEye has discovered Android malware apps that can masquerade as the most popular financial applications, including those of the world’s biggest banks.
In total, the security firm found malicious apps masquerading as the Android apps of 33 financial institutions for the purpose of stealing financial data. These apps come from a family of Trojan apps known as “SlemBunk” and have so far been found in North America, Europe and the Asia-Pacific region. According to the security firm, these apps not only have the ability to phish but also harvest the credentials of banking apps upon launch.
Researchers didn’t find these apps on Google Play (which is a good thing) but found them available on different malicious websites. Once downloaded, the malware can perform a range of functions on the phone. For example, it can detect the launch of legitimate apps and replace their interface with a fake one to steal credentials; once it has the credentials, it sends them back to a remote command-and-control (CnC) server. Furthermore, it can receive and execute commands through text messages and network traffic.
Since its launch, SlemBunk has improved vastly in its capabilities. Initially, its only goal was financial gain, but now it is interested in user data too, which is evident from its ability to steal data from social media, utility and instant messaging apps.
SlemBunk’s primary targets are Australian banks, followed by banks from the U.S.
“The rise and evolution of the SlemBunk Trojan clearly indicate that mobile malware has become more sophisticated and targeted, and involves more organised efforts. To stay protected from such threats, it is recommended that users keep their Android devices updated and refrain from installing apps that are not a part of the official app store,” said the vendor in a statement.
HackRead advises its readers not to install third-party apps and to keep their Android devices updated to the latest OS version.