“RSA researchers have recently traced a forum post leaking the iBanking mobile bot control panel source-code. Apart from the server-side source-code, the leaked files also include a builder (a bash script) that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application.
iBanking mobile bot is a relative new-comer to the mobile malware scene, and has been available for sale in the underground for $5,000 since late last year. We first saw it spread through HTML injection attacks on banking sites, social engineering victims into downloading a so-called “security app” for their Android devices.” explained in the blog post the Head of knowledge delivery and business development for RSA’s FraudAction Group, Daniel Cohen.
It’s clear that the availability of iBanking mobile bot source code will give the opportunity for cybercriminals to build customized versions of the malware in the future.
Daniel Cohen remarked that the proposal for mobile banking trojan source code is a new for the cyber criminal ecosystem despite the proposal in the underground marketplace is very articulate.
The bot could be commanded via SMS or over HTTP beaconing C&C server every pre-defined interval, then pull and execute the command if one is awaiting it. The app implements the following features:
“Apart from the server-side source-code, the leaked files also include a builder that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application,” said Cohen.
“The malware’s ability to capture SMS messages and audio recordings, as well as divert voice calls makes step-up authentication all the more challenging as fraudsters gain more control over the OOB device. This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.