The following is a recent alert put out by the FBI regarding recent malware attacks on US financial institutions’ customers. This updated malware is highly sophisticated, and we strongly encourage you to review and follow the FBI recommendations.
The FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.
Scope of Threat
Both malware families are capable of defeating two-factor authentication through their ability to monitor and intercept SMS messages, facilitating the attackers’ ability to perform account takeovers using only the infected mobile device. The developer has proven adept at releasing numerous mobile malware variants and, as of late 2015, also broadened the target list to include Android applications for common US social media and instant messaging platforms, applying the same overlay technique to prompt the user for login credentials and/or credit card information.
Review of cyber threat industry reports on the two malware families reveals the following initial vectors of compromise:
- SMS or MMS phishing, to include messages requesting the user to install malicious Adobe Flash Player software;
- Malvertisements or pop-ups from adult Web sites prompting the user to download a malicious Adobe Flash update;
- Mobile applications downloaded from third-party mobile application platforms; and
- Phishing e-mails.
Recommendations for Members
- Install mobile applications from trusted sources, and review the application vendor prior to download.
- Do not download software or applications from third-party application platforms or untrusted Web sites.
- Review application permissions during installation; ensure permissions requested are appropriate for the type of application being downloaded.
- Install and regularly update the Android operating system.
- Do not use "Rooted" Android devices, as such devices will not receive automatic updates.
- Install and regularly update anti-virus or anti-malware software on Android devices.
- Do not open or click on hyperlinks in SMS, MMS, or e-mail messages from unknown or suspicious sources.
- Do not open attachments included in unsolicited e-mails.
- Consider downloading an ad blocker to enable the device’s browser to block advertisements and pop-ups.
- Use only secured wireless connections to access the Internet, taking extreme caution when accessing public Wi-Fi connections.
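One way to carry out the permission review above on a device connected to a workstation, as an added example that is not part of the FBI alert: it parses the `requested permissions:` section of `adb shell dumpsys package <package>` output and flags SMS and overlay permissions that do not fit the app's stated type. The permission-to-behaviour mapping, the app types and the sample output are this example's assumptions.

```python
import re

# Permissions that map to behaviours the alert describes. The mapping is this
# example's assumption; the alert itself names no permissions.
RISKY = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (one-time codes)",
    "android.permission.READ_SMS": "read stored SMS messages",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other applications",
}
# App types for which SMS access is expected (assumed policy).
SMS_OK_TYPES = {"messaging"}

def requested_permissions(dumpsys_text):
    """Extract the 'requested permissions:' block from dumpsys package output."""
    perms, in_block = [], False
    for line in dumpsys_text.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block:
            if not re.fullmatch(r"[\w.]+", s):  # next section header ends the block
                break
            perms.append(s)
    return perms

def review(app_type, dumpsys_text):
    """Return (permission, reason) pairs that do not fit the stated app type."""
    findings = []
    for p in requested_permissions(dumpsys_text):
        if p not in RISKY:
            continue
        if "SMS" in p and app_type in SMS_OK_TYPES:
            continue  # SMS access is appropriate for a messaging app
        findings.append((p, RISKY[p]))
    return findings

# Constructed sample: an app presenting itself as a Flash Player update.
SAMPLE_PLAYER = """\
  Package [com.example.flashupdate] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
"""
# Constructed sample: an ordinary messaging app.
SAMPLE_SMS_APP = "    requested permissions:\n      android.permission.RECEIVE_SMS\n    install permissions:\n"
```

A non-empty result from `review("media player", ...)` means the app asks for more than its stated purpose needs and should not be installed or kept.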
Should you detect or suspect your mobile device has been compromised by malware, please contact University Credit Union immediately so that steps can be taken to prevent any potential fraudulent activity from occurring on your account. Thank you.