Source Code for Android iBanking Bot Surfaces on Underground Forum

BY

Published 21 Feb 2014

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure
The source code for an Android mobile banking Trojan app was on an underground forum. Making it possible for many cybercriminals to launch attacks using this kind of malware in the future. The Trojan app initially appeared on the underground market late last year with a price of $5,000. According to researchers from RSA, the security division of EMC spotted the recent source code leak. The RSA researchers call the malware app iBanking. Which is used in conjunction with malware to defeat mobile-based security mechanisms. Used by banking sites.
i banking 1
Most malware that targets online banking users can inject content into browsing sessions. The capability displays rogue bank forms on banking sites to steal users’ login credentials and other sensitive financial information. Such malware can also ride victims’ active online banking sessions to initiate rogue transactions from their accounts.
Many banks responded to these threats by implementing two-factor authentication transaction authorization systems. That work by sending unique one-time-use codes to their customers’ registered phone numbers via SMS. Faced with an increasing need to access their victims’ text messages to defraud them. Attackers have created mobile malware like iBanking.

All About iBanking

The iBanking malware is distributed. In an HTML injection attack on banking sites. In a blog post, the RSA researchers said engineering victims into downloading a so-called security app for their Android devices.

i banking 2

What It can do

In addition to capturing incoming and outgoing text messages, the iBanking App could redirect calls to a pre-defined phone number. The researchers said to capture audio from the surrounding environment using the device’s microphone. To steal data like the call history and log the phone book.
The malware connects to a command control server, allowing attackers to issue commands to each infected device. Then making iBanking not just a Trojan app, but a botnet client.
The iBanking source code leak spotted by the RSA researchers involved the source code for the malware’s bank-based control panel. And a script that can customize the iBanking App Android application package with different configurations.
The malicious App will be customized. Like a security app created by the financial institution. During installation, it asks for administrative rights, which can make it harder to remove later, the RSA researchers said.
The leaked source code for other commercial online banking malware programs like Zeus led to many attacks using those threats. It enabled cybercriminals to create more sophisticated Trojan programs based on them.
As a result of this code leak. Trojan bot masters are in a better position to incorporate an advanced mobile counterpart. And their bank-based attacks afford them control over their victims’ smartphones.
The malware can capture SMS messages and audio recordings and divert voice calls. And makes step-up authentication all the more challenging as fraudsters gain more control over the OOB [out-of-band] device, the researchers said. This highlights the need for more robust authentication solutions to validate users’ identities using multiple factors, including biometric solutions.