The source code of the Exobot Android banking trojan has been leaked online, and experts believe that we will soon witness a new wave of attacks based on the malware.
The Exobot Android banking trojan was first spotted at the end of 2016 when its authors were advertising it on the dark web.
The authors advertised it as usable for phishing attacks and as implementing various features of the most common banking trojans, such as intercepting SMS messages.
Exobot is a powerful banking malware that is capable of infecting even smartphones running the latest Android versions.
In January, the authors decided to stop working on the malware and offered its source code for sale.
“The code proved to be version 2.5 of the Exobot banking trojan, also known as the ‘Trump Edition,’ one of Exobot’s last versions before its original author gave up on its development,” reads a blog post published by Bleeping Computer.
According to experts from ThreatFabric, the version provided to Bleeping Computer was leaked online in May. It seems that one of the users who purchased the malicious code decided to leak it online.
According to the experts, the source code for the Exobot Android banking trojan is now being distributed on a few underground hacking forums. This means that threat actors can now work on their own versions and also offer them under a malware-as-a-service model.
“In the coming months, we may see Android malware devs slowly migrating their campaigns from BankBot to Exobot, as few will decline a ‘free upgrade’ to a better code,” concluded Bleeping Computer.