New banking Trojan targeting Russian Android device owners' bank details

News by Roi Perez

Dr Web researchers discover BankBot, which is using crafty overlay screens and intercepting SMS messages to steal user data.

A new banking Trojan has been targeting the bank accounts of Russian Android device owners after its source code was leaked online through an underground hacking forum.

Dubbed BankBot by researchers from Dr Web, the Trojan acquires administrator privileges and removes the app's icon from the phone's home screen so victims believe it was removed and they are safe. The Trojan remains active, however, waiting for commands from attackers.

BankBot can intercept SMS messages, make calls, track devices, steal contacts and steal sensitive information like credit card numbers.

The malware can hide itself until the victim opens any mobile banking or social media app, and then launches a phishing login screen that overlays the original, tricking victims into re-entering their payment card details. The data is then sent back to servers where attackers can access it and use it for other criminal activities.

BankBot can also intercept text messages, send them to the attackers and delete them from the victim's smartphone. This could mean that bank notifications never reach the users.

According to security researchers from Dr Web, many variants of the Trojan are expected because the source code was leaked online along with information on how to use it.

Android devices should also see an increase in the number of cyber-attacks as a result of this.

Dr Web researchers said they have already discovered one banking Trojan in the wild developed using this leaked source code, and asserted that the malware is distributed through popular apps, injected either directly into APKs available online or in third-party app stores.

Lamar Bailey, senior director, security R&D at Tripwire, explains: “Dumping malware code is a great way to allow others to contribute to the code and modify it to help evade detection. This tactic was very successful for Zeus. When you have a larger group modifying the code the number of variants increases rapidly, making it very hard for security products that rely on pattern matching to detect it.”
