The new Android banking malware ESET recently discovered on Google Play has been spotted in the wild again, now improved and targeting more banks. Further investigation of this resurfacing threat has uncovered that its code was built using source code that was made public a couple of months ago. ESET has discovered a new version of the trojan on Google Play, masquerading as yet another legitimate weather app, this time World Weather.
As it turns out, both of these Android trojans are based on free source code that was made public online. Allegedly written from scratch, the “template” code of the Android malware, along with the code of the C&C server, including a web control panel, has been available on a Russian forum since December 19, 2016.
On top of the weather forecast functionality it adopted from the original legitimate application, Trojan.Android/Spy.Banker.HW (the newly detected version) is able to remotely lock and unlock infected devices by setting the lock screen password, and to intercept text messages. The only differences between the two versions appear to be a wider target group (the malware now affects users of 69 British, Austrian, German and Turkish banking apps) and a more advanced obfuscation technique.
The full blog is available here: http://www.welivesecurity.com/2017/02/23/released-android-malware-source-code-used-run-banking-botnet/