The Group-IB research team has spotted a new, aggressive Android banking trojan («hardcore88») being offered for sale on the black market.
Group-IB experts found the new Android banking trojan («hardcore88») advertised on the black market; the cybercriminals spread it through traditional PC banking malware, using web-injects to lure victims into installing it.
The feature list published by the trojan's authors promises very aggressive malware with a convenient control panel for managing many compromised devices at once:
Very high survivability after infection of the mobile device (stealth mode);
Convenient web interface, no need to use any gates or phone numbers, everything works as in a C&C for PC banking trojans;
SMS interception (detection of the device status, interception by sender, general interception);
Blocking of incoming calls from the banks;
Control of multiple infected mobile devices from different countries from a single C&C.
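The SMS-interception and call-blocking capabilities advertised above leave a recognisable footprint in an APK's manifest, which is the first thing a practitioner will look at when triaging a sample pushed by a web-inject. The script below is an added example and is not code from Group-IB or from the trojan's authors: it parses a decoded AndroidManifest.xml and flags the permission/receiver combinations that SMS-stealing banking trojans need (a receiver for SMS_RECEIVED with elevated priority, a PHONE_STATE receiver for call control, boot persistence). Both manifests embedded in it are constructed for illustration, and the package names and class names are invented. A match indicates capability, not intent; a legitimate SMS or dialler app declares the same things, so treat the score as a triage hint that sends the sample to manual analysis, not as a verdict.

```python
import xml.etree.ElementTree as ET

# Attribute keys in ElementTree carry the Android namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest resembling what an SMS-stealing banking trojan
# declares. Not a real sample; names are invented for the example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankcert">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Bank Certificate">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallReceiver">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign manifest used as a control: no telephony hooks at all.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def permissions(root):
    """Set of permission names requested with <uses-permission>."""
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")}


def receivers(root):
    """Yield (class name, set of filtered actions, highest declared priority)
    for every <receiver> in the manifest."""
    for rcv in root.iter("receiver"):
        actions, prio = set(), 0
        for flt in rcv.findall("intent-filter"):
            prio = max(prio, int(flt.get(ANDROID + "priority", "0")))
            actions.update(a.get(ANDROID + "name") for a in flt.findall("action"))
        yield rcv.get(ANDROID + "name"), actions, prio


def triage(manifest_xml):
    """Return a dict of capability findings plus a simple score (0-4)."""
    root = ET.fromstring(manifest_xml)
    perms = permissions(root)
    rcvs = list(receivers(root))
    sms_rcv = [r for r in rcvs if "android.provider.Telephony.SMS_RECEIVED" in r[1]]
    findings = {
        # Permission plus a matching receiver: the app sees incoming SMS.
        "sms_interception": "android.permission.RECEIVE_SMS" in perms and bool(sms_rcv),
        # Elevated priority lets the receiver run before the default SMS app and,
        # on Android before 4.4, abort the broadcast so the user never sees the
        # one-time code. This is the "interception by sender" hook.
        "high_priority_sms_receiver": any(p > 0 for _, _, p in sms_rcv),
        # PHONE_STATE receiver plus READ_PHONE_STATE is where call-blocking
        # code hooks incoming calls (e.g. from the bank's fraud desk).
        "call_control": "android.permission.READ_PHONE_STATE" in perms
        and any("android.intent.action.PHONE_STATE" in a for _, a, _ in rcvs),
        # Restarting at boot is the usual "stealth mode" persistence.
        "boot_persistence": "android.permission.RECEIVE_BOOT_COMPLETED" in perms
        and any("android.intent.action.BOOT_COMPLETED" in a for _, a, _ in rcvs),
    }
    findings["score"] = sum(1 for v in findings.values() if v)
    return findings


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

Run it on the output of `apktool d` or `aapt dump xmltree` converted back to XML; the constructed sample scores 4 of 4 while the benign control scores 0. A real triage pipeline would also check whether the receiver class actually calls abortBroadcast() and whether any code forwards message bodies over the network, since that is what turns capability into the theft described in this article.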
The asking price for the new Android banking trojan is about $2,000, payable only through an escrow service, which the authors require in order to avoid disputes with untrusted buyers. Alternatively, the authors offer to work for a 10-15% share of the proceeds.
The distribution chain starts on a PC already infected with a banking trojan: right after the victim logs in to the online-banking system, the web-inject asks them to enter their mobile phone number for "validation" and to download a mobile application, which is in fact the Android banking trojan.
«It is one of the new and very efficient ways to spread mobile banking malware, through web-injects on the infected PCs of personal banking customers; in such cases criminals guarantee a very high level of targeted installs and the best ROI for such an underground business,» commented Nikita Kislitsin, Group-IB Bot-Trek business development manager.
The samples analysed show that the criminals have targeted Australia's Commonwealth Bank.
«We see that Australian online-banking theft attracts cybercriminals from all over the world, especially from ex-USSR countries, as this niche is quite new for them and provides flexibility. Some time ago we found a large botnet named “Kangoo”, built from Australian IPs infected by the Carberp trojan,» said Andrey Komarov, Group-IB CERT Chief Technical Officer.
According to Group-IB, the “hardcore88” group has several variants of the banking trojan for other popular mobile platforms, including Apple iOS and BlackBerry.
The discovery confirms the alarming growth of Android malware reported by the major security firms, a trend that will continue as long as Google's OS keeps its large market share.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and of the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker (EC-Council, London). A passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and writes for several major publications in the field, including Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.