Russian cyber criminals have started using premium Android malware with an extensive set of features after a free version of the code appeared online, warns Symantec.
iBanking, first spotted in 2013, used to retail for $5,000 and was available from a single underground vendor known only as ‘GFF’. But the source code was leaked in February, and the malware can now be deployed by anyone. Symantec predicts that the upsurge in activity will continue as the news of a free version spreads.
Once installed, iBanking gives the attacker the complete control over the handset, allowing them to intercept calls, send SMS to premium numbers and steal financial information.
Earlier this month, F-Secure revealed that 99 percent of the mobile malware discovered since February targets Android. The company noted that it was possible for Android malware to reach the official Google Play store, with large numbers of users downloading malicious apps before Google could remove them from the marketplace.
According to Symantec, iBanking is one of the most expensive pieces of malware on the market, especially popular among Eastern European cybercrime gangs. It can be configured to look like the official apps from a range of different banks and social networks.
This strain of malware can be controlled online, or through SMS if the Internet connection is not available. iBanking can also prevent the owner from deleting certain apps or restoring handset to the factory settings.
Symantec assumes that the malware code was discovered accidentally by a Russian hacker named ‘ReVOLVeR’ on a Command and Control sever which also contained administrator credentials for the BBC website. A hacker called ‘Rome0’ then adopted the code and posted it online for free.
Researchers believe that the more professional cybercrime groups will continue to pay for iBanking to continue accessing updates, technical support and new features. The leaked version of iBanking is unsupported and contains an unpatched vulnerability.
Symantec advises users to keep their desktop antivirus updated in order to stop iBanking from piggybacking on top of known Trojans. It also warns against clicking any links to download APKs that arrive via SMS.
Unfortunately, some iBanking APKs could make their way onto trusted app marketplaces and users should be aware of this as a potential avenue of infection.
What do you know about Android? Take our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…