I saw reports of an Android Trojan family called SlemBunk that has the ability to appear as a legitimate app and remain incognito after executing for the first time, giving it the ability to continually collect user credentials. How dangerous is this Android Trojan for mobile users? What security measures or tools can prevent SlemBunk from succeeding?
Mobile malware continues to get significant attention as more financial transactions are performed on mobile devices. Mobile devices have many security advantages over traditional PCs, but share many of the same limitations that continue to cause challenges for users.

Researchers from FireEye identified SlemBunk and reported that the Android Trojan is loaded onto devices through abuse of enterprise app store functionality, via sideloading and third-party app stores. It hasn't yet been detected in the Google Play store. A victim is enticed into installing an Adobe Flash update after visiting a website. The victim then installs the malware.

Once the malware is installed and runs, it sends device configuration data to a central command-and-control (C&C) server and then starts monitoring for certain banking applications. It is reported to have copied targeted banking applications, so that a user could be tricked into entering their authentication credentials into the malicious app. The malware authors put significant effort into copying the user interface of the targeted apps to minimize the chance the victim would realize it wasn't the legitimate app requesting their user login.
A user could check whether the app has been signed by a trusted certificate or by a certificate that corresponds to the targeted organization, but few users check this after the software has been installed. Users can also check whether the app is legitimate when downloading it, but because the source isn't the Google Play store, the app store might not show that the app was not published by Adobe and is not a Flash update. FireEye has tools that can block the Android Trojan over the network or on the endpoint, and other network and endpoint security tools can include protections, since FireEye shared indicators of compromise.
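The signing-certificate check described above can be automated. The following is an added example, not part of the original answer: it parses text in the style of `apksigner verify --print-certs` output and trusts an APK only when its signer digest matches a pinned value. The package name `com.example.bank`, the pinned digest and both sample outputs are constructed for illustration.

```python
import re

# Pinned SHA-256 digests of publisher signing certificates, keyed by package.
# Constructed placeholder value, not any real publisher's fingerprint.
PINNED = {"com.example.bank": {"a1" * 32}}

# Lines of interest in `apksigner verify --print-certs` style output.
LINE = re.compile(
    r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$", re.MULTILINE
)

def parse_signers(apksigner_output):
    """Map signer number -> {'dn': ..., 'sha256': ...}."""
    signers = {}
    for num, field, value in LINE.findall(apksigner_output):
        entry = signers.setdefault(int(num), {})
        if field == "DN":
            entry["dn"] = value.strip()
        else:
            entry["sha256"] = value.strip().lower()
    return signers

def check_apk(package, apksigner_output, pinned=PINNED):
    """Return (trusted, reason).

    Trust is decided on the certificate digest only. Android signing
    certificates are self-signed, so the DN is whatever the signer typed
    and a lookalike app can carry the genuine publisher's name.
    """
    expected = pinned.get(package)
    if not expected:
        return False, "no pinned certificate for " + package
    signers = parse_signers(apksigner_output)
    digests = {s.get("sha256") for s in signers.values()}
    if not signers or None in digests:
        return False, "no signer digest found"
    if digests <= expected:
        return True, "signer digest matches pin"
    claimed = ", ".join(s.get("dn", "?") for s in signers.values())
    return False, "signer digest not pinned (DN claims: %s)" % claimed

# Constructed sample outputs: same DN, different signing keys.
GENUINE = ("Signer #1 certificate DN: CN=Example Bank, O=Example Bank\n"
           "Signer #1 certificate SHA-256 digest: " + "a1" * 32 + "\n")
LOOKALIKE = ("Signer #1 certificate DN: CN=Example Bank, O=Example Bank\n"
             "Signer #1 certificate SHA-256 digest: " + "b2" * 32 + "\n")

if __name__ == "__main__":
    print(check_apk("com.example.bank", GENUINE))
    print(check_apk("com.example.bank", LOOKALIKE))
```

A mobile device management or app-vetting pipeline can run a check like this before allowing a sideloaded package, which removes the dependence on users inspecting certificates themselves.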