Researchers at security firm FireEye have uncovered a family of malicious apps which they say are looking to imitate some of the world’s leading banking apps in order to steal personal details from customers.
The so-called ‘SlemBunk’ family looks to imitate the legitimate apps of 33 financial management institutions and service providers across the globe, particularly in North America, Europe, and the Asia Pacific region.
So far, FireEye has detected over 170 different samples of the malware, with some of the apps still operational today, including 31 banks across the globe – some of which are among the biggest banks in the world – as well as users of two popular mobile payment service provider apps.
The apps detect when specific banking or other similar apps are launched, leaping into action to phish for and harvest authentication credentials by displaying a fake login interface when a specified app is running in the foreground.
FireEye also says that it has not detected any SlemBunk apps appearing on Google Play, meaning that users will only get infected if the malware is sideloaded or downloaded from a malicious website.
Some of the newer versions of SlemBunk were observed being distributed via porn websites, as users who visit these sites are incessantly prompted to download a malicious Adobe Flash update containing the malware to continue viewing.
“The rise and evolution of the SlemBunk trojan clearly indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts,” FireEye wrote in a blog post detailing the attacks.
“We have already seen crackdowns on malware campaigns targeting mobile banking users, but we do not expect this type of activity to go away anytime soon.”
What do you know about famous hackers? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…