Mobile Malware GM Bot v2 Released, Price Triples
After news from IBM X-Force about the leak of Android malware GM Bot’s source code,
the author of GM Bot released a second version of the malware. News of v2 came
from the official GM Bot developer and vendor, a user going by the alias
GanjaMan in venues where the malware is sold.
According to an underground forum post authored by GM Bot’s vendor, it took six months’
worth of work for this updated version of GM Bot. GanjaMan adds that v2 was “written
from scratch,” perhaps in order to emphasize that it does not use the previous
version’s code, which was recently leaked by one of its dubious customers.
Evolving With Exploitation Tools
An interesting point mentioned by the post’s author is his claim that he has
incorporated three different Android OS exploits for infecting user devices. At
this time, the exploits the vendor mentions are known and have patches, so
fully up-to-date devices should be protected against such vulnerabilities.
However, according to the post, additional exploits are being examined and will
be added in the coming months.
The developer also promises a future option to open a Tor communication channel
from infected devices and to have root admin control that cannot ever be undone
by the user. Building malware that roots the infected device can allow an
attacker to download additional malware onto the device and control it
remotely.
Calling on Early Adopters
The new mobile malware is apparently in a testing phase of sorts at this time, but early
adopters are not getting a discount. The malware developer offers a $15,000
package for the malware and exploits, plus an ongoing $2,000 rental fee
starting from the second month onward. Those who wish to skip the exploits pack
can opt for the malware-only package at $8,000, plus a $1,200 monthly rental
fee from the second month on. The price has tripled compared to the $5,000
price tag for the previous version.
Malware pricing with monthly fees in tow is reminiscent of the sale model of major
banking Trojans such as Zeus, SpyEye and Citadel, when those kits were peddled
by their developers a few years back.
Judging by past cases of underground malware vendors, the monthly rental fees are most
likely technical support fees. Trojan vendors have been known to run into
debilitating operational issues as a result of having to provide support to
their buyers without getting paid for the extra time spent on resolving issues,
bugs and technical questions. The monthly fee concept helps the developers hire
tech support agents to handle requests while they continue to develop and sell
the malware.
On top of recruiting customers, as he puts it, GanjaMan is also seeking professional
pay-per-install accomplices and cybercriminals who can help with directing Web
traffic in countries his buyers would be interested in targeting.
Read the rest of this post here: https://securityintelligence.com/mobile-malware-gm-bot-v2-released-price-triples/

