Monday, 22 February 2016

The source code for a powerful Android banking malware program that steals online banking credentials has been leaked

The source code for an Android banking malware program that steals online banking credentials has been leaked, researchers at IBM have confirmed.

A malware family that is known by a number of names, including Slempo, Bankosy, Acecard, MazarBot and the infamous GM Bot, had its source code leaked on an underground discussion board in December 2015, security researchers at IBM have learned.

The leaked code for the malware and its control panel is now available to fraudsters and malicious operators for free. Incredibly, the source code also comes with a tutorial and instructions for server-side installation. This means that the GM Bot malware is now available to cybercriminals, who can then create new variants of the malware strain. Basically, the leaked source code can be used to improve, sell and deploy the malware.

GM Bot has been sold on underground hacking forums for roughly $500. One buyer then proceeded to leak the source code for free, perhaps to build his or her reputation among the forum's members. To raise one's standing on an underground board, criminals typically offer something back to the community; in this case, the source code of a banking malware, complete with a tutorial on carrying out online banking fraud. The leak was made through an encrypted archive file that contained the GM Bot malware source code.

IBM’s blog revealed:
He [the cybercriminal who leaked the source code] indicated he would give the password to the archive only to active forum members who approached him. Those who received the password in turn passed it on to other, unintended users, so the actual distribution of the code went well beyond that discussion board’s member list.

GM Bot initially emerged in late 2014 on Russian-speaking hacking forums. The malware exploits a weakness often called "activity hijacking," common in older versions of Android. The weakness allows an overlay to be displayed on top of a legitimate application. The overlay closely replicates the screen that the user normally sees when opening a banking app. Unbeknownst to the user, the real banking app is actually running beneath the malicious overlay. When the user enters his or her login credentials, the information is sent to the attackers instead.

Google, for its part, has strengthened its security framework to put the brakes on activity hijacking on Android versions newer than 5.0 (Lollipop).
