Mar 29, 2017 | Updated: 05:07 PM EDT

Maybe It’s Time To Quit Porn: Trojan Horse SlemBunk Installs Itself Via Porn Video Requests For “Flash Updates”

Jan 17, 2016 08:34 PM EST

Avid fans of porn who also happen to use mobile payments apps better beware: An Android Trojan dubbed “SlemBunk” by cyber security firm FireEye has been on the loose since December. The malware activates as soon as it detects that the user has opened a mobile payments app, and then tricks the user into giving it their personal details.

Like Us on Facebook

In a report by PCWorld, the malware is deployed in several stages:

1. As the user is about to watch porn videos, a prompt to “update their Android’s flash player” would appear. Most of the time, users would just happily download the “update,” as PCWorld points out.

2. The “flash update” can bypass mobile AntiVirus apps because the “update” in itself does not contain malicious code.

3. The app then unpacks itself and generates new code and then installs the phishing app.

4. As soon as a mobile payment app is launched, SlemBunk inserts its own user interface (UI) on top of the app, to trick the user into giving it their credentials.

5. Goodbye, money.

As you can see, the app is, indeed, a very sophisticated, systematic Trojan. “Trojans” as malware were so named, because like the Trojan Horse of the Helen of Troy myth, it disguises itself as “benign,” only to attack once it’s inside the system. Much like the Trojan Horse, which the citizens of Sparta and Greece sent to the kingdom of Troy, Trojans, the malware, needs the users to “let it in.” Then when it’s “in,” it simply attacks from within.

As you can see, by the way that the SlemBunk gets “let in” by the users themselves, then creates the main app that will do what its creators built it for, it is clearly a Trojan Horse malware and a sophisticated, systematic one at that. Given the fact that it needs the cooperation of the end-user, this reminds us, again, that end-users are always the gatekeepers of their own mobile computing security.

There’s a bit of a snag for the SlemBunk Trojan, though "The Flash update” it requires that the user would sideload the app. So if the end-user is, at least, a little awake, a little vigilant, that should set off alarm bells and cause them to cancel the install. Never trust third-party applications in this day and age. Never tick that option to allow third-party installs, if you know what’s good for you, either.

Droid Report’s advice? Don’t download updates that aren’t from the Google Play Store. Don’t install third-party apps. Don’t sideload apps. And the bottom line? Stop watching porn. According to a Mic article, watching porn shrinks your brain. So quitting porn a win-win thing, across the board, anyway.

***

More on the SlemBunk Trojan via PCWorld: http://www.pcworld.com/article/3022426/android-banking-malware-slembunk-is-part-of-a-well-organized-campaign.html

The original FireEye report, with coding notes for geeks and developers: https://www.fireeye.com/blog/threat-research/2015/12/slembunk_an_evolvin.html

The Mic.com article that said that watching porn shrinks one’s brain: http://mic.com/articles/132436/these-are-the-10-common-behaviors-that-are-actually-shrinking-your-brain#.nEuGZwGV4


Real Time Analytics