Two New Kinds of Android Malware: SlemBunk and Marcher

May 2016
ITDATA’s cybersecurity partner, Layer 8 Security, has an on-going relationship with local and federal law enforcement. We receive bulletins from the FBI on a continuous basis. We are sending this alert because it is important to us that your company stays informed on the latest cybersecurity updates to keep you and your business protected. If you have questions or concerns regarding this alert please contact us at
The FBI has identified two new kinds of Android Malware; SlemBunk and Marcher -designed to target US financial institution customers. These two bugs are phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. It defeats two factor authentication by its ability to monitor SMS (Short Message Service) messages. This also obscures the cell phone as the source of the infection. The Slembunk malware infects social media phone apps as well as instant messaging apps, using the same fake login overlay to collect data.

The malware is downloaded to the phone in one of the following ways: 

  • SMS or MMS phishing, with messages requesting the user to install malicious Adobe Flash Player software
  • Malvertisements or pop-ups from an adult website prompting the user to download malicious Adobe Flash update
  • Mobile applications downloaded from third-party vendor sites
  • Phishing emails

For further details regarding this alert and recommended cyber hygiene protocol to avoid infection please see our blog, Savvy New Android Malware – Buyer Beware.
For more information about avoiding malware and system security, Contact ITDATA today.