Group-IB experts found a new kind of Android banking trojan («hardcore88») offered on the black market; cybercriminals spread it through traditional banking malware with web-injects.
The technical specifications provided by the authors of the Android banking trojan promise very aggressive malware with a friendly control interface that allows the management of multiple compromised devices.
The price for the new Android banking trojan is around $2,000, and payment is accepted only through an escrow procedure, requested by the authors to avoid problems with untrusted contacts. Another payment option is to work for 10-15% of the revenue.
First of all, right after the user logs in to the online banking system, the malicious code asks him to enter his personal cellphone number for validation and to download a mobile application, which is in reality the Android banking trojan.
“It is one of the new and very efficient ways to spread mobile banking malware through WEB-injects on infected PCs of personal banking customers, in such a case criminals guarantee a very high level of targeted installs and the best ROI for such underground business,” commented Nikita Kislitsin, Group-IB Bot-Trek business development manager.
It was found that the criminals have targeted the Australian Commonwealth Bank, as evidenced by the samples.
“We see that Australian online-banking theft attracts cybercriminals from all over the world, especially from ex-USSR countries, as this niche is quite new for them and provides for flexibility. Some time ago we found a large botnet named ‘Kangoo’ based on Australian IPs infected by the Carberp trojan,” said Andrey Komarov, Group-IB CERT Chief Technical Officer.
According to Group-IB, the “hardcore88” group has several modifications of the Android banking trojan for several popular mobile platforms, including Apple iOS and BlackBerry.
The discovery confirms the alarming growth of Android malware observed by leading security firms; the explosion will continue, sustained by the wide diffusion of Google's popular OS.
(Security Affairs – Android banking trojan, mobile)