Mobile Banking Users Warned Over Fake Android Apps

Researchers at security firm FireEye have uncovered a family of malicious apps which they say are looking to imitate some of the world’s leading banking apps in order to steal personal details from customers.

The so-called ‘SlemBunk’ family looks to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, particularly in North America, Europe, and the Asia Pacific region.

So far, FireEye has detected over 170 different samples of the malware, with some of the apps still operational today, including 31 banks across the globe – some of which are among the biggest banks in the world – as well as users of two popular mobile payment service provider apps.

Targeted

FireEye says that the SlemBunk apps often disguise themselves as other common, popular applications, and are able to stay hidden after running for the first time.

The apps detect when specific banking or other similar apps are launched, leaping into action to phish for and harvest authentication credentials by displaying a fake login interface when a specified app is running in the foreground.

FireEye also says that it has not detected any SlemBunk apps appearing on Google Play, meaning that users will only get infected if the malware is sideloaded or downloaded from a malicious website.

Some of the newer versions of SlemBunk were observed being distributed via porn websites, as users who visit these sites are incessantly prompted to download a malicious Adobe Flash update containing the malware to continue viewing.

“The rise and evolution of the SlemBunk trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts,” FireEye wrote in a blog post detailing the attacks.

“We have already seen crackdowns on malware campaigns targeting mobile banking users, but we do not expect this type of activity to go away anytime soon.”

What do you know about famous hackers? Take our quiz!