Android Banking Malware SlemBunk Part of Well-Organized Campaign

itwbennett writes: Researchers from FireEye first documented the SlemBunk Android Trojan that targets mobile banking users in December. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials. The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers. The attack is more complicated than it appears at first glance, because the APK (Android application package) that users first download does not contain any malicious functionality, making it hard for antivirus apps and even Android's built-in app scanner to detect it.

Never

[jodido]

This is why I don't and never will have a banking app on any mobile device.

Re:Never

[sexconker]

I do all my banking at a bank.

Actually, I tried to, but half of the time they told me shit like "Nah, we can't do that at the bank, go online to do it." or "Nah, we're Bank of America and you need to call Banc of America, despite the fact that your card says Bank of America on it.". I closed my fucking accounts when they said they wouldn't block the repeated fraudulent ACH withdrawals from my checking account. They said they would block transactions from XYZ for a specific amount, $N, but XYZ was free to steal $N+1 or $100*N at any time.

I'd say that more than half of the insecurity and general fucked-upedness of banking in the US resides with the banks, not with the methods people access the banks. The fact that we're barely transitioning to chip-and-sign (not even chip-and-pin) is a great example of how little they care.