Security firm Fire Eye has reported on a new and disturbing Trojan making the rounds, called SlemBunk. Unlike so many of the other Trojans we’ve heard about, this one specifically targets handheld devices, and Android devices in particular.
Most often, the app is downloaded by users visiting certain websites. It is especially prevalent on pornography sites, but there are a number of others it has been discovered on. In any case, oftentimes, the app masquerades as an Adobe update. Agreeing to the installation is all it takes.
Operationally, SlemBunk is a very selective app. Rather than giving its owners access to all the personal information you have on your phone, it simply waits and listens, selectively grabbing authentication information from certain, pre-selected banking and financial applications you may be running on your phone. It then forwards those data onto the hackers.
How big of a problem is this? Well, increasingly, people are coming to use their handhelds to do their banking. Mobile banking has already surpassed in-branch banking and will soon eclipse PC banking, and sadly, it is increasingly fraught with danger. In fact, it’s gotten so bad that the official recommendation is for banks to begin insisting on some form of biometric authentication, in order to help prevent the mass stealing of financial and personal information.
Given the width and breadth of the identity theft problem we have, worldwide, it was only a matter of time before the hackers began specifically targeting handheld devices. While they tend to have as many, if not more built-in security features, desktop machines are (for the most part) pound-for-pound better protected devices.
Do you use your handheld for banking? Do you access company accounts with it? Do any of your employees? If so, you could already be at risk. This is a new concern to add to your growing list, and yet another area the hacking community is increasingly probing.