New evil android phishing trojans empty your bank account

May 12, 2016

Infragard warned that the FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface.

The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.

SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched. 

Users will only get infected if the malware is sideloaded or downloaded from a malicious website. Newer versions of SlemBunk were observed being distributed via porn websites. Users who visit these sites are incessantly prompted to download an Adobe Flash update to view the porn, and doing so downloads the malware.

What To Do About IT

To protect your users from these threats, here is something you can cut/paste and email to all your employees, whether they have Android or iPhones. Feel free to edit:

"Internet bad guys are constantly improving their criminal software for Android smartphones. The last few months they have moved into sophisticated evil apps that steal the user name and password of your mobile banking apps. If you have an iPhone, keep reading - some of this applies to you too. 

Google monitors for criminal apps on the Google Play app store and kicks out malicious apps, but other websites do not. Please remember to:

1. Never download apps from other websites (this is called a "sideload").
2. Keep your device updated with the latest version of the Operating System, both phones and tablets.
3. Do not tap (click) on text messages that you did not expect or are suspicious. True for iPhones too!
4. To prevent malware infections, do not use your phone to surf inappropriate sites as the risks are very high on those sites.

In short, on your workstation, your tablet or your smartphone... Think Before You Click!"

KnowBe4 has a specific training module called Mobile Device Security. This 15-minute module specializes in making sure your employees understand the importance of Mobile Device Security. They will learn the risks of their exposure to mobile security threats so they are able to apply this knowledge in their day-to-day job.

Find out how affordable this is for your organization and be pleasantly surprised.

Article by Stu Sjouwerman, KnowBe4
View original article here