A few days ago it became known that the author of the famous mobile banker Exobot decided to sell its source code. If you suddenly missed everything and don’t understand what we’re talking about, let us explain.
Exobot is a Trojan that disguises itself as other applications and collects users' bank card data. It has been on the market since 2013 and is known as Marcher. Exobot was one of the most active banking Trojans on Android devices, including BankBot, Acecard, Mazar Bot and Red Alert. The malware stole users' bank card data under the guise of a store payment page. But since 2016, users began to receive SMS or MMS messages with links to fake applications such as WhatsApp, Netflix, Runtastic, the game Super Mario Run, and later to porn sites. Now experts have discovered that the author of the Trojan decided to get rid of the source code by selling it to a small number of clients. “According to the statement of the author of the Trojan, he has become rich,” shares SfyLabs analyst Cengiz Han Sahin. “Usually such statements in this area mean that either the attacker has noticed an increase in interest in himself from law enforcement agencies, or competitors have taken over from him market share. That is, the risks have become too great compared to the profits." The Bleeping Computer reporter claims that Exobot brought the owner a stable profit and was popular among the target audience around the world. By clicking on the link and installing malware, the user provided the attackers with administrator rights and access to all functions, which allowed them to track messages from banks with codes and block antiviruses. Now experts are concerned about the leakage of Exobot source codes on the Internet, since such sales are often leaked into the public domain. As practice shows, open source codes of bankers generate a large number of malicious applications in as a result of hacker experiments.Similar situations happened with such bankers as Slempo, BankBot and GM Bot.
GO TO FULL VERSION