TechWalls

Technology News | Gadget Reviews | Tutorials

SlemBunk Trojan that targets Android banking users becomes more sophisticated

Updated on Jan 19, 2016 by Guest Authors

Security firm FireEye disclosed in December the details of a Trojan that has been used to attack users of mobile banking apps. Researchers have now discovered the Trojan has become more sophisticated and difficult to detect.

Security researchers believe a well-organized group of attackers has made the Trojan more sophisticated as part of an effort to expand the scope of their malicious campaign. Called SlemBunk, the Trojan is designed to display a bogus user interface on the device's screen after the malicious software detects a running mobile banking app.


Unsuspecting users are the more likely victims of this kind of scheme. The Trojan is able to mimic the user interfaces of the mobile apps built by more than 30 banks across the world. The first wave of the Trojan was spread as fake copies of mobile banking apps via a number of third-party app stores.

That means you will not find the apps on the Google Play Store or the Apple App Store. So basically, only mobile devices that have been rooted or jailbroken are easy targets of SlemBunk, because those devices are configured to install apps downloaded from third-party app stores.

More specifically, attackers use drive-by download techniques to distribute the new versions of the Trojan. Users who visit porn sites are the primary targets. When they open a porn site, they receive a notification telling them to download updates for their Flash Player and an application programming interface in order to watch the video.

Users with no technical knowledge of what a legitimate Flash update is or how it is rolled out will certainly believe they are downloading the genuine update just to be able to watch the video later, with no regard for the risk that comes with it.

The native application scanner built into Android and even other legit antivirus apps will have a hard time detecting the APK that comes with the first download because it contains no malicious components, nor does it manifest any signs of malicious activity.

The Trojan hides the features that produce code and store that code in another APK on the device. The first app then loads the second APK into memory, and the second APK is removed from the file system afterward. The second APK, although it also does not show any malicious activity, contains the malicious payload.

The purpose of layering the attack in several steps is to make it difficult to detect and more persistent, because the downloader will always find a way to download the payload back to the device.
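The write, load, then delete sequence described above is something a defender can look for in a behavioural trace. The following is an added example, not code from the article or from FireEye; the trace format, package names and paths are constructed assumptions.

```python
"""Flag apps that write a file, load it as code, then delete it.

The event format below is a constructed assumption for illustration;
it is not the output of any specific sandbox or tool.
"""

# Constructed trace lines: "<seconds> <package> <action> <path>"
SAMPLE_TRACE = """\
10 com.example.flashupdate write /data/data/com.example.flashupdate/files/stage2.apk
11 com.example.flashupdate load /data/data/com.example.flashupdate/files/stage2.apk
12 com.example.flashupdate delete /data/data/com.example.flashupdate/files/stage2.apk
20 com.example.notes write /data/data/com.example.notes/cache/img.tmp
21 com.example.notes delete /data/data/com.example.notes/cache/img.tmp
30 com.example.game load /data/app/com.example.game/base.apk
"""


def parse(trace):
    """Yield (ts, package, action, path) tuples, skipping malformed lines."""
    for line in trace.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, pkg, action, path = parts
        yield int(ts), pkg, action, path


def find_staged_loaders(trace):
    """Return one finding per file that an app wrote, loaded, then deleted."""
    state = {}      # (package, path) -> "written" or "loaded"
    findings = []
    for ts, pkg, action, path in sorted(parse(trace)):
        key = (pkg, path)
        if action == "write":
            state[key] = "written"
        elif action == "load" and state.get(key) == "written":
            # Only code the app itself dropped counts, not its installed APK.
            state[key] = "loaded"
        elif action == "delete":
            # Deleting a temp file that was never loaded is normal behaviour.
            if state.pop(key, None) == "loaded":
                findings.append({"package": pkg, "path": path, "deleted_at": ts})
    return findings


if __name__ == "__main__":
    for finding in find_staged_loaders(SAMPLE_TRACE):
        print(finding)
```
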
