Android Malware About to Get Worse: GM Bot Source Code Leaked
IBM X-Force threat intelligence has found that the source code for Android
malware GM Bot was leaked on an underground board in December 2015. The leaked
code for the malware and its control panel has since been further propagated to
different users, making this popular Android Trojan accessible to fraudsters
for free, with a tutorial and server-side installation instructions to match.
GM Bot will be available to cybercriminals who can recompile the code, create
new variants and use the leaked sources to build, sell or deploy this malware
for fraud scenarios.
A Mobile Source Code Leak
How was this source code leaked? And why? In this particular case, it looks
like the leak didn’t result from a dispute between criminals. Instead, it looks
like it was the choice of one of GM Bot’s buyers. When it comes to
cybercriminals selling malware in underground venues, black-hat vendors simply
cannot control what their buyers may do with the malware once it is in their
possession. As they say: Leaks happen!
The exposure of GM Bot’s code is comparable to the source code leaks of PC
Trojans that include Zeus, SpyEye, Carberp and others. While GM Bot may not be
as prolific as the major banking Trojans mentioned here, it is definitely a
game changer in the realm of mobile threats. Its source code leak, similar to
the Zeus leak, is likely to give rise to many variations of this sort of
malware.
The reasoning behind leaking the code appears to be one buyer’s personal desire
to enhance credibility in the underground boards. To be considered more
credible or up their rank, criminals usually have to give something back to the
fraudster community they’re a part of; in this case, it was a tutorial
explaining the use of mobile malware for online banking fraud.
The fraudster that leaked the code threw in an encrypted archive file of the GM
Bot malware source. He indicated he would give the password to the archive only
to active forum members who approached him. Those who received the password in
turn passed it on to other, unintended users, so the actual distribution of the
code went well beyond that discussion board’s member list.
Where does that leave GM Bot’s creator? The original vendor already sold the
rights to distribute what’s considered GM Bot v1 to another cybercriminal that
peddles it in the underground for $500. That version is called MazarBot, and it
is just as popular among cybercriminals.
According to X-Force threat intelligence, the code’s author moved on to working
on a new version dubbed GM Bot v2.0, which is sold in financial fraud-themed
underground boards.
Read the rest of this post here: https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/