Published on January 20th, 2018 📆 | 2665 Views ⚑0
The author of Exobot Bank Trojans sell the source code
According to bleepingcomputer media on January 17, the security researcher said the source code of an advanced Android Exobot bank Trojan sold to different people in the well-known hacker forum, the situation of Android users will get worse.
This worrisome Trojan is an Android malware that first appeared in a June 2016 malware attack scenario. Like most professionally encoded desktops or mobile banking Trojans today, Exobot has been rented to customers on a monthly basis.
Although customers do not have access to the Exobot Trojan source code, they can use the Exobot author’s configuration panel to compile malicious applications for each client-defined setting. Then, the renter must distribute these applications to the victims. Exobot has been one of the most active Android mobile Trojans for the past two years (including BankBot, GM Bot, Mazar Bot, and Red Alert).
Initially, some security companies called the Trojan Marcher but eventually called it by its author’s name. In the second half of 2016, Exobot’s initial profits spurred the authors of Exobot to create Exobot v2. Bleeping Computer covers the rise of Exobot v2 as Trojans make dark webs, hacker forums, XMPP spam, and even publicize the public Internet.
According to press past evidence of dialogue with many security researchers, Exobot appears to be a lucrative business that is being used by users in many countries around the world.
Exobot authors sell bank Trojans
Unexpectedly, the author of Exobot made a big move with the generic “Android” alias, though in hindsight this may pose a lot of problems for prospective users. Just recently, the author of Exobot decided to close the Exobot rental program and sell the source code to a handful of customers.
Below are two pictures of Exobot’s author sales ad, provided by Cengiz Han Sahin, a mobile security researcher at SfyLabs.
Sahin, a security official, states that this statement in the field of malware generally means one of two things:
Either malicious actors noticed a surge in interest from law enforcement or their competitors fighting back to market share, either because his business is indeed very rich and risks or income are no longer motivated by profit.
Public concern Exobot source code is public
However, despite these reasons, there is no doubt that the sale of Exobot will have a profound impact on the Android malware attack scenario, if not immediately.
A reporter has reported many such incidents in the past. According to the reporter’s experience and Sahin’s prediction, it is only a matter of time before the source code is leaked online. Such sales are almost never kept secret, and when the author of Exobot does not provide the buyer’s required support, the dissatisfied customer divulges the source code. For example, in the past decade, many home desktop banking Trojans have been leaked.
Once leaked, the Exobot code will resemble the fate of Slempo, BankBot, and GM Bot Android Trojans, reorganizing into hundreds of branching Trojans, reducing the cost and technical skills needed to move to mobile malware scenarios.
Exobot sells or derives new malware activities
However, new users of the Trojan are ready to use before the low-skill malicious actors leak the Exobot version.
Sahin, a security official, said: “Less than a month after the malicious actors began selling the Exobot source code, new activities were discovered in Austria, the United Kingdom, the Netherlands and Turkey, Turkey, the country most affected by these activities, for more than 4,400 Taiwan equipment involved.
The increase in this malicious Exobot application is due to some private sales of Exobot source code. If the source code leaks, the scale of Exobot attacks may exceed the safety of people’s imagination, as the same as the BankBot Trojan. It is reported that BankBot leaked online at the end of 2016. It has always been the heart of malicious applications spread through the Google Play Store,
Decentralized Android operating systems, mobile operators that do not deliver patches in time, and Google’s game store team do not seem to be able to keep up with the malware authors for a number of reasons that make Android users a serious disadvantage in moving malware. The only way to protect most users is to move anti-virus solutions and some common sense, such as refusing to install applications from untrusted sources, not installing game store applications that require unnecessary permissions, and more.