The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak
An Uncommon Tale of a Failed Banking Trojan Vendor
In early December 2016, IBM X-Force researchers noticed the emergence of new banking malware advertised for sale on a few underground boards. The malware’s vendor, who went by the online moniker Gosya, was a Russian-speaking member who introduced himself as the developer of Nuclear Bot, or NukeBot, a modular banking Trojan.
Considering the demand for commercially available malware in the cybercrime community, this malware should have been eagerly accepted. Instead, its developer’s user account was banned from multiple forums. In March 2017, the source code was leaked, apparently by the developer himself.
What led to this leak, and what impact can we expect as a result?
Dear reader: this post is part of my research work at IBM X-Force. Read the complete post here.
Also note that this story was picked up by Krebs on Security, who later interviewed the malware's author. Krebs quoted this blog post in his investigation. You can read his post here.