Russian cyber criminals have started using premium Android malware with an extensive set of features after a free version of the code appeared online, warns Symantec.
iBanking, first spotted in 2013, used to retail for $5,000 and was available from a single underground vendor known only as ‘GFF’. But the source code was leaked in February, and the malware can now be deployed by anyone. Symantec predicts that the upsurge in activity will continue as the news of a free version spreads.
Once installed, iBanking gives the attacker the complete control over the handset, allowing them to intercept calls, send SMS to premium numbers and steal financial information.
Earlier this month, F-Secure revealed that 99 percent of the mobile malware discovered since February targets Android. The company noted that it was possible for Android malware to reach the official Google Play store, with large numbers of users downloading malicious apps before Google could remove them from the marketplace.
According to Symantec, iBanking is one of the most expensive pieces of malware on the market, especially popular among Eastern European cybercrime gangs. It can be configured to look like the official apps from a range of different banks and social networks.
This strain of malware can be controlled online, or through SMS if the Internet connection is not available. iBanking can also prevent the owner from deleting certain apps or restoring handset to the factory settings.
Symantec assumes that the malware code was discovered accidentally by a Russian hacker named ‘ReVOLVeR’ on a Command and Control sever which also contained administrator credentials for the BBC website. A hacker called ‘Rome0’ then adopted the code and posted it online for free.
Researchers believe that the more professional cybercrime groups will continue to pay for iBanking to continue accessing updates, technical support and new features. The leaked version of iBanking is unsupported and contains an unpatched vulnerability.
Symantec advises users to keep their desktop antivirus updated in order to stop iBanking from piggybacking on top of known Trojans. It also warns against clicking any links to download APKs that arrive via SMS.
Unfortunately, some iBanking APKs could make their way onto trusted app marketplaces and users should be aware of this as a potential avenue of infection.
What do you know about Android? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…