Mobile Malware GM Bot v2 Released, Price Triples

After news from IBM X-Force about the leak of Android malware GM Bot’s source code, the author of GM Bot released a second version of the malware. News of v2 came from the official GM Bot developer and vendor, a user going by the alias GanjaMan in venues where the malware is sold.

According to an underground forum post authored by GM Bot’s vendor, this updated version of GM Bot took six months’ worth of work. GanjaMan adds that v2 was “written from scratch,” perhaps in order to emphasize that it does not use the previous version’s code, which was recently leaked by one of its dubious customers.


Evolving With Exploitation Tools

An interesting point mentioned by the post’s author is his claim that he has incorporated three different Android OS exploits for infecting user devices. At this time, the exploits the vendor mentions are known and have patches, so fully up-to-date devices should be protected against such vulnerabilities. However, according to the post, additional exploits are being examined and will be added in the coming months.

The developer also promises a future option to open a Tor communication channel from infected devices and to have root admin control that cannot ever be undone by the user. Building malware that roots the infected device can allow an attacker to download additional malware onto the device and control it remotely.

Calling on Early Adopters

The new mobile malware is apparently in a testing phase of sorts at this time, but early adopters are not getting a discount. The malware developer offers a $15,000 package for the malware and exploits, plus an ongoing $2,000 rental fee starting from the second month onward. Those who wish to skip the exploits pack can opt for the malware-only package at $8,000, plus a $1,200 monthly rental fee from the second month on. The price has tripled compared to the $5,000 price tag for the previous version.

Malware pricing with monthly fees in tow is reminiscent of the sale model of major banking Trojans such as Zeus, SpyEye and Citadel, when those kits were peddled by their developers a few years back.

Judging by past cases of underground malware vendors, the monthly rental fees are most likely technical support fees. Trojan vendors have been known to run into debilitating operational issues as a result of having to provide support to their buyers without getting paid for the extra time spent on resolving issues, bugs and technical questions. The monthly fee concept helps the developers hire tech support agents to handle requests while they continue to develop and sell the malware.


On top of recruiting customers, as he puts it, GanjaMan is also seeking professional pay-per-install accomplices and cybercriminals who can help with directing Web traffic in countries his buyers would be interested in targeting.
