Pay attention, all Android users! According to IBM researchers, the source code for a potent malware program that can extract online banking credentials has been leaked.
This family of malware, which essentially targets the Android operating system, is known by several names, including GM Bot, Slempo, Bankosy, Acecard, and MazarBot. Of all these, GM Bot has attracted the most attention from underground hackers. It has reportedly been sold for around 500 US dollars on hacking forums, and in December someone who bought the code leaked it on another forum, perhaps to boost his own reputation.
According to Limor Kessem, a cyber security analyst associated with IBM Trusteer, the person who leaked this aforementioned file online did so through an encrypted archive file that contained the source code of GM Bot.
The person also mentioned on the forum that he would only part with the password for the archive to those active members who approached him. Kessem also wrote – “Those who received the password in turn passed it on to other, unintended users, so the actual distribution of the code went well beyond that discussion board’s member list.” And thus, the code spread like wildfire.
While GM Bot is a serious threat, it is not the first powerful banking Trojan whose source code has leaked: Zeus, SpyEye, and Carberp preceded it, Kessem wrote. And while GM Bot “may not be as prolific” as those earlier families, it is “definitely a game-changer” in its own way.
The malware program first emerged in late 2014 on Russian-speaking forums. It exploits an issue known as activity hijacking, which affected older Android devices and allowed an overlay to be displayed on top of a legitimate application.
The overlay closely resembled what a user would expect to see when launching a banking application on an Android device. The user therefore enters his credentials into what appears to be the app, and the overlay sends them on to the hackers.
Because older Android devices were vulnerable to activity hijacking, Google updated the platform's security to combat the issue in Android versions higher than 5.0.
Warning of the potency of GM Bot, Kessem wrote in a blog post:
“Previous mobile malware — before overlays became commercially available to fraudsters — could steal SMS codes, but those would have been meaningless without phishing schemes or a trojan on the victim’s PC to steal access credentials.”