SlemBunk malware for Android is stealing bank details!

Android users all over the world have been falling victim to a new type of malware that the cybersecurity
firm FireEye is calling SlemBunk.
The dangerous malware is a type of Trojan that, once it has been launched for the first time, runs in the
background at all times, ready to steal the banking credentials of unsuspecting Android users:

"When the app is launched for the first time, it activates the registered receiver,
which subsequently starts the monitoring service in the background."

According to FireEye, the nasty payload gets onto Android systems by posing either as an update for the popular
messaging software WhatsApp or as a Flash update (which users have been picking up at purposely infected
pornography websites).
Once downloaded, the malicious software has the capability to pose as legitimately launched banking apps,
thereby stealing one-time passwords, login details and other sensitive online banking details.

So far, the malware has been analysed by researchers (in real-world cases) around 170 times.
During that time, FireEye has noticed that the software's developer has been carefully updating the Trojan
to successfully mimic a growing number of financial institutions' systems.

The most recent update that FireEye has discovered is feared to be able to steal user-inputted data from
the legitimate apps of up to 31 different banks and two mobile payment service providers.
Alarmingly, SlemBunk has been found stealing banking details from Android users in the US,
Europe and Asia Pacific (including targeting many Australian banks), making it a dangerously widespread
cyber attack.

According to researchers at FireEye, the Trojan's sophistication makes it very hard to detect, primarily
because the criminal developer has taken a lot of care to make it seem legitimate:

"We noticed the SlemBunk authors have invested time in making sure that the look and feel of the phishing
UI closely resemble that of the original. In some instances, the phishing interface requests that the user
types in their credentials twice rather than once. It also forces the user to go through a fake verification
process, which we suspect is to increase the user's confidence in its authenticity."

It would also appear that the cybercriminal who developed SlemBunk is interested in more than just financial
gain.
The new class of Trojan has also been found stealing the login details of many popular Android apps,
'including popular social media apps, utility apps and instant messaging apps', the firm says.
Other details that have so far been stolen by the Trojan include telephone numbers, the list of installed apps,
device model and OS version, revealing the great depth and breadth of information that the sophisticated malware
is taking.

Describing the technical details of how the software works, FireEye explains that 'the core objective of
SlemBunk is to phish for authentication credentials – primarily for financial institutions – by pushing a fake
login interface when a specified app is running in the foreground.'
It achieves this by sending user-inputted data back to a remote 'Command and Control' (CnC) server, which FireEye
has discovered is altering its location over time.

The CnC server communicates with and controls the malware remotely via HTTP and SMS, enabling it to get 'regular status
reports' amongst other commands.
Another problem is that the malware takes on administrator privileges, making it extremely stubborn and
successful at its primary job of phishing.

As is always the case when malware like this pops up, users are advised to take care over where they get their apps
from, as well as which websites they choose to frequent.
If you do visit any sites that you fear may have been infected by a cybercriminal, be aware, and be careful to
avoid mistakenly accepting any malware posing as a Flash update.
Instead, always update your version of Flash from the correct distributor, Adobe. If you stick to these rules
and (as FireEye rightly suggests) keep to proper app stores, while also making sure to regularly update your version
of Android, you should be able to avoid the dangers posed by SlemBunk.

CREDIT: https://www.bestvpn.com/blog/35483/slembunk-malware-for-android-is-stealing-bank-details/

FireEye mobile researchers recently identified a series of Android trojan apps that are designed to imitate the
legitimate apps of 33 financial management institutions and service providers across the globe.

SlemBunk - https://www.fireeye.com/blog/threat-research/2015/12/slembunk_an_evolvin.html

FireEye - https://www.fireeye.com/

[Attached image: Figure4.png]

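The mechanism the post describes (a receiver registered at first launch that starts a background monitoring service, a check for which app is in the foreground, a phishing overlay pushed on top of it, HTTP and SMS command channels, and device-administrator rights) leaves footprints in an app's manifest. The Python script below is an added example written for this page; it is not FireEye's code, not SlemBunk's, and not part of the original post. It triages an AndroidManifest.xml for those declarations. The two sample manifests are constructed for the example, the indicator weights and verdict thresholds are assumptions, and the vendor package prefixes used to spot an app that calls itself "WhatsApp" or "Flash" without coming from that vendor are assumed, not taken from the post.

```python
"""Static triage of an AndroidManifest.xml for overlay-banking-trojan indicators.

Added example, not FireEye's or SlemBunk's code. Weights, thresholds, vendor
prefixes and the sample manifests below are assumptions made for this example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(elem, name):
    """Read an android:-namespaced attribute, or '' if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name), "")


# permission -> (weight, why it matters for this malware family); weights assumed
PERMISSION_INDICATORS = {
    "android.permission.RECEIVE_BOOT_COMPLETED": (2, "starts at boot (persistence)"),
    "android.permission.GET_TASKS": (2, "reads the foreground task (target-app detection)"),
    "android.permission.PACKAGE_USAGE_STATS": (2, "reads app usage (target-app detection)"),
    "android.permission.SYSTEM_ALERT_WINDOW": (3, "draws over other apps (phishing overlay)"),
    "android.permission.RECEIVE_SMS": (2, "intercepts SMS (OTP theft / SMS command channel)"),
    "android.permission.SEND_SMS": (1, "sends SMS (status reports over SMS)"),
    "android.permission.READ_PHONE_STATE": (1, "reads phone number and device identifiers"),
    "android.permission.INTERNET": (0, "network egress (HTTP command channel, but ubiquitous)"),
}

# Brands the post says the Trojan poses as -> assumed genuine vendor package prefix
IMPERSONATION = {"whatsapp": "com.whatsapp", "flash": "com.adobe"}


def triage_manifest(xml_text):
    """Return {'package', 'score', 'verdict', 'findings'} for one manifest."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings, score = [], 0

    # 1. Dangerous permission combinations
    declared = {_a(p, "name") for p in root.iter("uses-permission")}
    for perm, (weight, why) in PERMISSION_INDICATORS.items():
        if perm in declared:
            findings.append("permission %s: %s" % (perm, why))
            score += weight

    # 2. Receivers: boot persistence and device-admin binding
    for recv in root.iter("receiver"):
        actions = {_a(act, "name") for act in recv.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            findings.append("receiver %s runs at boot" % _a(recv, "name"))
            score += 2
        if _a(recv, "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.append("receiver %s is a device-admin receiver" % _a(recv, "name"))
            score += 3

    # 3. A declared service is where the background monitoring loop lives
    services = [_a(s, "name") for s in root.iter("service")]
    if services:
        findings.append("background service(s): " + ", ".join(services))
        score += 1

    # 4. Brand impersonation: literal label claims a vendor the package is not from
    app = root.find("application")
    label = _a(app, "label").lower() if app is not None else ""
    for brand, vendor in IMPERSONATION.items():
        if brand in label and not package.startswith(vendor):
            findings.append("label '%s' claims %s but package is %s" % (label, brand, package))
            score += 2

    if score >= 8:
        verdict = "likely overlay banking trojan"
    elif score >= 4:
        verdict = "suspicious"
    else:
        verdict = "no strong indicators"
    return {"package": package, "score": score, "verdict": verdict, "findings": findings}


# Constructed sample: a fake "Flash update" carrying the full indicator set
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Adobe Flash Player Update">
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".MonitorService"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs the network
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"><activity android:name=".MainActivity"/></application>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage_manifest(manifest)
        print(result["package"], result["score"], result["verdict"])
        for finding in result["findings"]:
            print("  -", finding)
```

Run it against the manifest from a decoded APK (for example apktool's output directory). A high score is a triage signal, not proof: legitimate launchers, accessibility tools and some security products also draw over other apps, so a hit should be followed by looking at what the service does and where its HTTP and SMS traffic goes.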