The Group-IB research team has detected, on the black market, an offer for a new virulent Android banking trojan («hardcore88»).
Group-IB experts found the new Android banking trojan («hardcore88») offered on the black market; cybercriminals spread it through traditional PC banking malware using web-injects.
The technical specifications provided by the authors of the Android banking trojan promise a very aggressive piece of malware with a friendly control panel that allows the management of multiple compromised devices:
- Very high survivability after infection of the mobile device (stealth mode);
- Comfortable web interface, no need to use any gates or numbers; everything works as in a C&C for banking trojans;
- SMS interception (detection of the device status, interception by sender, general interception);
- Blocking of incoming calls from the banks;
- Multiple infected mobile devices from different countries can be controlled from the C&C.
The price for the new Android banking trojan is near $2,000, and payment is accepted only through an escrow procedure, which the authors require to avoid problems with untrusted contacts. Another payment option is to work for 10-15% of the revenue.
First of all, right after the user logs in to the online banking system, the malicious code asks them to enter their personal cellphone number for validation and to download a mobile application, which is in reality the Android banking trojan.
“It is one of the new and very efficient ways to spread mobile banking malware through web-injects on infected PCs of personal banking customers; in such a case the criminals guarantee a very high level of targeted installs and the best ROI for such an underground business,” commented Nikita Kislitsin, Group-IB Bot-Trek business development manager.
It was found that the criminals have targeted the Australian Commonwealth Bank, as proved by the samples.
“We see that Australian online banking theft attracts cybercriminals from all over the world, especially from ex-USSR countries, as this niche is quite new for them and provides flexibility. Some time ago we found a large botnet named ‘Kangoo’ made up of Australian IPs infected by the Carberp trojan,” said Andrey Komarov, Group-IB CERT Chief Technical Officer.
According to Group-IB, the “hardcore88” group has several modifications of its banking trojan for several popular mobile platforms, including Apple iOS and BlackBerry.
The discovery confirms the alarming growth of Android malware observed by the principal security firms; the explosion will continue, sustained by the wide diffusion of Google's popular OS.
Pierluigi Paganini
(Security Affairs – Android banking trojan, mobile)