I saw reports of an Android Trojan family called SlemBunk that has the ability to appear as a legitimate app and remain incognito after executing for the first time, giving it the ability to continually collect user credentials. How dangerous is this Android Trojan for mobile users? What security measures or tools can prevent SlemBunk from succeeding?
Mobile malware continues to get significant attention as more financial transactions are performed on mobile devices. Mobile devices have many security advantages over traditional PCs, but share many of the same limitations that continue to cause challenges for users.

Researchers from FireEye identified SlemBunk and reported that the Android Trojan is loaded onto devices through abuse of enterprise app store functionality, via sideloading and third-party app stores. It hasn't yet been detected in the Google Play store. A victim is enticed into installing an Adobe Flash update after visiting a website. The victim then installs the malware. Once the malware is installed and runs, it sends device configuration data to a central command-and-control (C&C) server and then starts monitoring for certain banking applications. It is reported to have copied targeted banking applications, so that a user could be tricked into entering their authentication credentials into the malicious app. The malware authors put significant effort into copying the user interface of the targeted apps to minimize the chance the victim would realize it wasn't the legitimate app requesting their login.
A user could check the app to see if it has been signed by a trusted certificate or a certificate that corresponds to the targeted organization, but few users check this after the software has been installed. Users can also check whether the app is legitimate when downloading it from the app store, but because that store isn't the Google Play store, it might not show that the app was not published by Adobe and is not a Flash update. FireEye has tools that can block the Android Trojan over the network or on the endpoint, and other network and endpoint security tools can include protections, since FireEye shared indicators of compromise.
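The signing-certificate check described above can be scripted rather than left to the user. The following is an added example, not part of the original answer or of FireEye's tooling: it parses the text printed by Android's `apksigner verify --print-certs` and compares each signer's SHA-256 digest with pinned values. The publisher names, pinned digests and sample outputs are constructed placeholders.

```python
import re

# Pinned SHA-256 signing-certificate digests per publisher.
# Constructed placeholder values, not real vendor fingerprints.
PINNED = {
    "example-bank": {"aa" * 32},
    "example-vendor": {"bb" * 32, "cc" * 32},  # current key plus a rotated one
}

_LINE = re.compile(
    r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$", re.MULTILINE
)

def parse_signers(apksigner_output):
    """Return {signer_number: {"dn": ..., "sha256": ...}} from --print-certs text."""
    signers = {}
    for num, field, value in _LINE.findall(apksigner_output):
        entry = signers.setdefault(int(num), {})
        if field == "DN":
            entry["dn"] = value.strip()
        else:
            entry["sha256"] = value.strip().lower()
    return signers

def check_publisher(apksigner_output, claimed_publisher, pinned=PINNED):
    """Classify an APK by comparing signer digests with the claimed publisher's pins."""
    signers = parse_signers(apksigner_output)
    digests = {s.get("sha256") for s in signers.values()}
    if not signers or None in digests:
        return "no-verified-signer"
    allowed = pinned.get(claimed_publisher)
    if not allowed:
        return "unknown-publisher"
    # Every signer must be pinned. The DN is self-asserted, so it is ignored:
    # a lookalike app can copy the publisher's name but not its signing key.
    return "match" if digests <= allowed else "signer-mismatch"

# Constructed sample outputs (not taken from a real APK).
_DN = "Signer #1 certificate DN: CN=Example Vendor, O=Example Vendor Inc\n"
GENUINE = "Verifies\n" + _DN + f"Signer #1 certificate SHA-256 digest: {'bb' * 32}\n"
LOOKALIKE = "Verifies\n" + _DN + f"Signer #1 certificate SHA-256 digest: {'dd' * 32}\n"

if __name__ == "__main__":
    for name, out in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, check_publisher(out, "example-vendor"))
```

Both sample APKs present the same certificate DN; only the digest comparison separates them, which is why the pin set rather than the displayed publisher name should drive an allow or block decision.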