I saw reports of an Android Trojan family called SlemBunk that has the ability to appear as a legitimate app and remain incognito after executing for the first time, giving it the ability to continually collect user credentials. How dangerous is this Android Trojan for mobile users? What security measures or tools can prevent SlemBunk from succeeding?
Mobile malware continues to get significant attention as more financial transactions are performed on mobile devices. Mobile devices have many security advantages over traditional PCs, but share many of the same limitations that continue to cause challenges for users. Researchers from FireEye identified SlemBunk and reported that the Android Trojan is loaded onto devices through abuse of enterprise app store functionality, via sideloading and third-party app stores. It hasn't yet been detected in the Google Play store.
A victim is enticed into installing an Adobe Flash update after visiting a website. The victim then installs the malware. Once the malware is installed and runs, it sends device configuration data to a central command-and-control (C&C) server and then starts monitoring for certain banking applications. It is reported to have copied targeted banking applications, so that a user could be tricked into entering their authentication credentials into the malicious app. The malware authors put significant effort into copying the user interface of the targeted apps to minimize the chance the victim would realize it wasn't the legitimate app requesting their user login.
A user could check whether the app has been signed by a trusted certificate or a certificate that corresponds to the targeted organization, but few users check this after the software has been installed. Users can also check whether the app is legitimate when downloading it from the app store, but because that store isn't the Google Play store, it might not display that the app was not published by Adobe and is not a Flash update. FireEye has tools that can block the Android Trojan over the network or on the endpoint, and other network and endpoint security tools can include protections, since FireEye shared indicators of compromise.
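The signing-certificate check described above can be automated in an app-vetting step. The following is an added example, not code from FireEye or the original answer: it assumes the text format printed by `apksigner verify --print-certs`, and the package name, DN and digests are constructed placeholders. It compares certificate digests against an allowlist, because the DN text is self-asserted and a lookalike app can copy it.

```python
import re

# Constructed allowlist: package name -> SHA-256 digests of the publisher's
# signing certificates, obtained out of band (placeholder values, not real).
TRUSTED_SIGNERS = {
    "com.example.bank": {"ab" * 32},
}

DIGEST_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)
DN_RE = re.compile(r"^Signer #(\d+) certificate DN: (.+)$", re.M)


def parse_signers(print_certs_output):
    """Return {signer_index: {"dn": str, "sha256": str}} from apksigner text."""
    signers = {}
    for idx, dn in DN_RE.findall(print_certs_output):
        signers.setdefault(int(idx), {})["dn"] = dn.strip()
    for idx, digest in DIGEST_RE.findall(print_certs_output):
        signers.setdefault(int(idx), {})["sha256"] = digest.lower()
    return signers


def check_signer(package, print_certs_output, trusted=TRUSTED_SIGNERS):
    """Classify an APK by signing-certificate digest, never by the DN text."""
    expected = trusted.get(package)
    if expected is None:
        return "unknown-package"
    digests = {s.get("sha256") for s in parse_signers(print_certs_output).values()}
    digests.discard(None)
    if not digests:
        return "no-signer"  # unsigned or unparsable output: treat as untrusted
    # Every signer must be on the allowlist; one unknown signer fails the check.
    return "trusted" if digests <= expected else "signer-mismatch"


# Constructed sample outputs: identical DN text, different signing keys.
GENUINE = ("Signer #1 certificate DN: CN=Example Bank, O=Example Bank Ltd\n"
           "Signer #1 certificate SHA-256 digest: " + "ab" * 32 + "\n")
LOOKALIKE = ("Signer #1 certificate DN: CN=Example Bank, O=Example Bank Ltd\n"
             "Signer #1 certificate SHA-256 digest: " + "cd" * 32 + "\n")

if __name__ == "__main__":
    for name, text in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, check_signer("com.example.bank", text))
```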