The FBI has identified two new kinds of Android Malware; SlemBunk and Marcher. These are designed to target US financial institution customers. These two bugs are phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. The malware defeats two factor authentication by its ability to monitor SMS (Short Message Service) messages. This also obscures the cell phone as the source of the infection. The Slembunk malware infects social media phone apps as well as instant messaging apps, using the same fake login overlay to collect data.
The malware is downloaded to the phone in one of the following ways:
- SMS or MMS phishing, with messages requesting the user to install malicious Adobe Flash Player software
- Malvertisements or pop-ups from an adult website prompting the user to download malicious Adobe Flash update
- Mobile applications downloaded from third-party vendor sites
- Phishing email
Users can avoid infection following good cyber hygiene protocols:
- Install Apps only from trusted vendor sites and review the App before download
- Do not download third party Apps from third party vendor sites
- Review the Apps permissions to make sure they are appropriate to the App, i.e., a weather App does not need to review the phone log
- Install and update Android software
- Do not use a Jailbroken Android device, it does not receive software updates
- Install and update anti-virus or anti-malware software
- Do not open SMS, MMS or email from a suspicious source
- Do not click on an embedded link within an SMS, MMS or email from a suspicious source
- Do not open attachments embedded within SMS, MMS or email from a suspicious source
- Download a trusted ad-blocker App
Use only secure wireless connections when browsing with a cell phone. Be extremely cautious when using public wi-fi connections, they are unsecured. Consider using a VPN (Virtual Private Network) App if public wi-fi connections are accessed frequently.
Contact your banking institution should you have any questions regarding the financial apps you may have installed. If you feel your phone may be infected, contact your service provider.