What happens when malware code is sold on underground boards by black-hat vendors to fraudster buyers? The source code leaks and a massive attack follows. This is what happened in December 2015, when the source code for the Android malware GM Bot, developed to perpetrate mobile banking fraud, was leaked by buyers and given away for free, so that anyone who wanted to attack with a banking Trojan was able to do it.
This is the result of the analysis made by the IBM X-Force security team, which found thousands of releases of the same GM Bot malware, a Russian-speaking threat that overlays screens on top of a running banking application with the goal of tricking users into entering their credentials into a fake window. GM Bot can also intercept SMS messages and steal data, acting as spyware. In short, mobile banking Trojans such as GM Bot are a one-stop fraud shop for criminals:
- They launch fake overlay windows that mimic bank applications to steal user credentials and payment card details;
- They control the device’s SMS relay to steal information contained in SMS messages or information given by a banking call centre;
- They can forward phone calls to a remote attacker;
- They have spyware features and can control the device via remote commands.
What is important to underline is that, for cybercrime, using mobile malware is cheaper, safer and easier than using banking Trojans. This is why the importance of an appropriate security solution is growing day by day.