no instances of SlemBunk have been observed on Google Play, so users will only get infected if the malware is sideloaded or downloaded from a malicious website. Newer versions of SlemBunk were observed being distributed via porn websites.
Users who visit these sites are incessantly prompted to download an Adobe Flash update to view the porn, and doing so downloads the malware. While financial gain is the primary goal of this malware, SlemBunk is also interested in user data. This is reflected by its attempt to hijack the login credentials of high profile Android applications, including popular social media apps, utility apps instant messaging apps.