According to a recent report by the IT security firm FireEye, several fake Android applications are masquerading as the apps of 33 financial institutions for the purpose of stealing financial data. These apps come from a family of Trojans known as SlemBunk and have so far been found in North America, Europe and the Asia-Pacific region. They not only have the ability to phish for information, but also harvest banking credentials upon launch, according to the security firm.
The apps' modus operandi is as follows: the app requests permission to be the device administrator, then its fake icon disappears while the app continues to run in the background. When a financial company's app or a mobile payment app is opened, the malware asks the user to input their credentials. In some cases, credentials are requested twice. Once it has the credentials, it sends them to a remote command-and-control (CnC) server. Furthermore, it can receive and execute commands through text messages and network traffic.
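The behaviour described above leaves traces in an app's manifest that can be checked before installation. The following is an added triage example, not code from the FireEye report: it flags a decoded AndroidManifest.xml that declares a device-administrator receiver together with an SMS or network channel. The sample manifest and package name are constructed; the permission and action names are standard Android identifiers.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded XML form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def is_admin_receiver(receiver):
    """True if the receiver is wired up to become a device administrator."""
    actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
    return (receiver.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
            and "android.app.action.DEVICE_ADMIN_ENABLED" in actions)


def triage_manifest(manifest_xml):
    """Return which of the described capabilities the manifest enables."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = []
    if any(is_admin_receiver(r) for r in root.iter("receiver")):
        findings.append("device_admin")      # requests device administrator
    if "android.permission.RECEIVE_SMS" in perms:
        findings.append("sms_commands")      # can receive text messages
    if "android.permission.INTERNET" in perms:
        findings.append("network")           # can reach a remote server
    return findings


def needs_review(manifest_xml):
    """Device admin plus a command channel warrants a manual look."""
    found = triage_manifest(manifest_xml)
    return "device_admin" in found and len(found) > 1


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST), needs_review(SAMPLE_MANIFEST))
```

Legitimate device-management apps declare the same combination, so a hit is a reason to inspect the app further, not a verdict.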
Analyst comment:
The latest series of malware developments highlights the need for Android users to ensure that their apps are downloaded from a trusted source, preferably from the Google Play Store, where apps are vetted and security updates are more readily available.
Clients should also ensure that firewall software for mobile phones is installed, in addition to an upgraded anti-virus scanner, to mitigate access risks from unauthorized sources. Always keep close track of financial transactions and report any suspicious activity to the bank immediately.
Clients should also frequently change passwords as a basic security precaution. According to the anti-virus firm Kaspersky’s Security Bulletin Overall Statistics Report for 2015, mobile financial threats have entered the top ten list of malicious programs designed to steal money.