Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Crime Security

Android Banking Malware SlemBunk Part of Well-Organized Campaign (fireeye.com) 35

itwbennett writes: Researchers from FireEye first documented the SlemBunk Android Trojan that targets mobile banking users in December. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials. The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers. The attack is more complicated than it appears at first glance, because the APK (Android application package) that users first download does not contain any malicious functionality, making it hard for antivirus apps and even Android's built-in app scanner to detect it.
This discussion has been archived. No new comments can be posted.

Android Banking Malware SlemBunk Part of Well-Organized Campaign

Comments Filter:
  • Never (Score:5, Insightful)

    by jodido ( 1052890 ) on Thursday January 14, 2016 @07:31PM (#51304341)
    This is why I don't and never will have a banking app on any mobile device.
    • I do all my banking on a virtual machine on my desktop that I only use to visit the banking websites.

      • Re:Never (Score:5, Insightful)

        by sexconker ( 1179573 ) on Thursday January 14, 2016 @08:02PM (#51304477)

        I do all my banking at a bank.

        Actually, I tried to, but half of the time they told me shit like "Nah, we can't do that at the bank, go online to do it." or "Nah, we're Bank of America and you need to call Banc of America, despite the fact that your card says Bank of America on it.". I closed my fucking accounts when they said they wouldn't block the repeated fraudulent ACH withdrawals from my checking account. They said they would block transactions from XYZ for a specific amount, $N, but XYZ was free to steal $N+1 or $100*N at any time.

        I'd say that more than half of the insecurity and general fucked-upedness of banking in the US resides with the banks, not with the methods people access the banks. The fact that we're barely transitioning to chip-and-sign (not even chip-and-pin) is a great example of how little they care.

        • Re:Never (Score:5, Funny)

          by ElectricHellKnight ( 4011689 ) on Thursday January 14, 2016 @08:08PM (#51304499)
          I do all my banking under my mattress.
        • Re: (Score:2, Informative)

          by DogDude ( 805747 )
          Banking with banks is dumb unless you're ultra-rich. Everybody else should use credit unions.
        • Well banks are pretty insecure. You show them your ATM card and 4 digit PIN and you can do just about anything. Ten years ago, I did my banking somewhere that they used a fool-proof biometric identification system. The chances of walk-in fraud were pretty low. Now all you need is to skim an ATM card and PIN and you can do all kinds of transactions inside the bank without question. The ATMs have a transaction limit to prevent large fraud. But you can do a lot more at the teller.
        • by lhowaf ( 3348065 )
          You're right...and the chip-and-sign cards have nothing to do with security. It is just the banks shifting liability for fraud away from themselves and onto retailers.
    • by antdude ( 79039 )

      How about on computer and in person? Same thing can happen. :P

    • Re:Never (Score:5, Funny)

      by thegarbz ( 1787294 ) on Friday January 15, 2016 @03:05AM (#51305587)

      I used to do it on my Windows 10 machine, but after advice here on Slashdot I now only do internet banking on an old vanilla Windows XP machine running IE6. I heard that Windows updates are bad, and antivirus products are worse so I have gone back to basics to keep me safe.

    • This is why I don't and never will have a banking app on any mobile device.

      Unless paired with a physical token...?

    • I hope that the OP was going for a +1 Funny although I'm probably now going to get a -1 because I read TFA. Banking on your phone is still the most secure option. If you have a Nexus branded device or a third-party one with Google Play services and get your apps from the Play store, there's no risk here whatsoever. This only affects those who have allowed apps from "untrusted" sources. The fact that anti-virus can't pick it up only shows that anti-virus is stupid and you shouldn't be running it on your
  • ... oh that is right I need to be vulnerable for a year because Samsung and the carriers want me to buy a new phone to be more secure

  • by ThatsNotPudding ( 1045640 ) on Friday January 15, 2016 @07:49AM (#51306235)
    Maybe they had a point. Every day has news of more and more hacking exploits and vulnerabilities and you can extrapolate how many more are still under wraps. On top of this, we now have proof all our governments (and most corporations) spy on us and yet still want even more access, resulting in true privacy becoming as precious and diminishing as potable water.

    The boiled frogs are about done.

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...