Researchers at security company FireEye found Android trojan apps designed to “imitate the legitimate apps of 33 financial management institutions and service providers” in North America, Europe and Asia Pacific.
The trojan apps, dubbed “SlemBunk” by the company, copy the legitimate offerings from some of the biggest banks in the world as well as two popular mobile payment providers.
They masquerade as popular apps and can “phish for and harvest authentication credentials when specified banking and other similar apps are launched.”
These apps do not exist on Google Play, so users will only get infected if the malware is “sideloaded” or downloaded from a malicious website. For instance, certain websites may ask users to download an Adobe Flash update, which actually downloads malware.
While FireEye believes the primary goal is financial gain through stealing user data such as credit card or bank account details, it added that SlemBunk is also interested in other user data. This includes the login credentials of high-profile apps, including popular social media apps, utility apps and instant messaging apps.
Since its debut, SlemBunk has gone through several iterations, with each one raising the bar of sophistication by adding more advanced capabilities, FireEye added.
“The rise and evolution of the SlemBunk trojan indicates that mobile malware has become more sophisticated and targeted, and involves more organised efforts. We have already seen crackdowns on malware campaigns targeting mobile banking users, but we do not expect this type of activity to go away anytime soon,” the report observed.
Users can protect themselves by only downloading apps from official app stores and keeping their devices updated.