Android Malware Posing as Legitimate Apps, Stealing Bank Account Info


FireEye reports that they have identified an Android malware family named SlemBunk that is actively phishing for specific financial institutions’ customer login credentials. SlemBunk monitors app activity on the phone, and when a targeted bank app is launched it injects a phishing overlay onto the legitimate login screen – stealing any credentials that the user enters.

The SlemBunk malware began targeting foreign financial institutions in 2014, but since 2015 the program has been equipped to target U.S. bank apps. Apps that infect Android phones with SlemBunk are made to appear as common, popular apps, but they run incognito in the background once they’ve been opened. Once running, the program starts looking out for activity from a targeted banking app. Luckily, users can only be infected if they’ve downloaded the spoofed app from a malicious website.

So how do you avoid an infection? Google monitors for criminal apps on the Google Play app store and kicks out malicious apps, but other websites do not. Remember:

  1. Never download apps from other websites (this is called a “sideload”).

  2. Keep your devices, both phones and tablets, updated with the latest version of their operating system.

  3. Do not tap (click) on text messages and emails that you did not expect or that look suspicious. This is true for iPhones too!

Of course, hackers are leveraging increasingly sophisticated social engineering tactics to get at your data. Phishing goes far beyond spoofed applications. The best way to protect your business is to empower your employees with the skills to spot and avoid social engineering tactics. Liberty Technology can help you with our “Securing the Human” person-centric security training.

Call Liberty Technology at (770) 229-9424 and ask how you can get a no-hassle email security audit to find out how safe your business really is.