BankBot Intercepts Banking Emails
Posted by: Timothy Weaver on 01/25/2017 11:51 AM
An unknown hacker leaked the source code for a banking trojan and cyber-criminals have tweaked it.
According to Dr. Web, hackers created Android.BankBot after an unknown banking trojan was leaked on the web.
“A banking Trojan that targets Android devices. It is distributed under the guise of benign programs, e.g., Google programs with the Play Store icon,” Dr. Web wrote. Once it is activated, it asks victims to grant administrative privileges and then deletes the icon from the desktop.
Jerome Segura, Malwarebytes lead malware intelligence analyst, said: “We have seen many similar leaks before, for example the Zeus banking Trojan, or SpyEye. Typically a competitor or a grey hat will choose to expose the code for various reasons. Having source code public is a bit of an issue because less skilled malware guys can simply copy/paste it and have a quality product very quickly, therefore creating more work for the community to defend against it.”
Lamar Bailey, Tripwire's senior director of security R&D, commented on the leak: “Dumping malware code is a great way to allow others to contribute to the code and modify it to help evade detection. This tactic was very successful for distributing Zeus. When you have a larger group modifying the code, the number of variants increases rapidly, making it very hard for security products that rely on pattern matching to detect it.”
Banking information is not the only thing the malware looks for. It checks the phone for any of a long list of installed apps and, if one is found, connects to the command and control center. It then asks for login credentials and sends that information to the server.
The trojan also looks for security apps in an effort to block them. It also looks for SMS emails from a bank in order to stop the victim from being informed of a compromised account.
Source: SCMagazine
