Someone has leaked the source code of a recently discovered Android banking trojan. Security researchers have concluded that the recent waves of Android trojan attacks have something in common: the code is the same.
During 2015, there was an outbreak of banking Trojans targeting Android devices. Security researchers from FireEye discovered SlemBunk, Symantec reported Bankosy, and last week Heimdal Security revealed the Mazar BOT.
According to IBM's X-Force Team, all of these Android trojans belong to the same family, which IBM has been monitoring since 2014.
The malware, called GM Bot, appeared on Russian underground forums and was sold for 500 to 450 dollars. There are also others that are used less, named Acecard and Slempo.
As IBM explains, the developer of this threat has decided to abandon the current version (v1) and move on to a new one, but not before selling the distribution rights of the latest version of Mazar BOT.
The source code of Mazar BOT, however, leaked when the administrator of an underground hacking forum bought the source code and offered it for free to every registered user of the forum….
The source code was placed in a password-protected file, and to obtain it registered users only had to request the code from the forum administrator.
Of course, things did not go as planned and users started to share the code with each other.
And now what?
When the source code of dangerous malware leaks, waves of attacks erupt from thousands of malware mutations. This is to be expected, because any user with programming knowledge can add their own elements to the code and evolve or mutate it as they wish.
It is worth mentioning that Mazar BOT is one of the most dangerous, if not the most dangerous, malicious banking trojans that hit Android devices.