I saw reports of an Android Trojan family called SlemBunk that has the ability to appear as a legitimate app and...
remain incognito after executing for the first time, giving it the ability to continually collect user credentials. How dangerous is this Android Trojan for mobile users? What security measures or tools can prevent SlemBunk from succeeding?
Mobile malware continues to get significant attention as more financial transactions are performed on mobile devices. Mobile devices have many security advantages over traditional PCs, but share many of the same limitations that continue to cause challenges for users. Researchers from FireEye identified SlemBunk and reported that the Android Trojan is loaded onto devices through abuse of enterprise app store functionality, via sideloading and third-party app stores. It hasn't yet been detected in the Google Play store. A victim is enticed into installing an Adobe Flash update after visiting a website. The victim then installs the malware. Once the malware is installed and runs, it sends device configuration data to a central C&C and then starts monitoring for certain banking applications. It is reported to have copied targeted banking applications, so that a user could be tricked into entering their authentication credentials into the malicious app. The malware authors put significant effort into copying the user interface of the targeted apps to minimize the chance the victim would realize it wasn't the legitimate app requesting their user login.
A user could check the app to see if it has been signed by a trusted certificate or a certificate that corresponds to the targeted organization, but few users check this after the software has been installed. Users can check if the app is legitimate when downloading the app from the app store, but since it isn't the Google Play store, the app store might not display that the app was not published by Adobe and is not a Flash Update. FireEye has tools that can block the Android Trojan over the network or on the endpoint, and other network and endpoint security tools can include protections, since FireEye shared indicators of compromise.
Find out what the top five mobile security deal breakers are
Read about how enterprises can defend against fake apps
Learn about Android application security challenges and improvements
Dig Deeper on Mobile security threats and prevention
Related Q&A from Nick Lewis
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with ... Continue Reading
Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay ... Continue Reading
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.