Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 26 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

iBanking Mobile Bot Source code Leaked

by The Gurus
February 21, 2014
in Editor's News
Share on FacebookShare on Twitter

RSA, the security division of EMC, researchers have recently traced a forum post leaking the iBanking mobile bot control panel source-code. Apart from the server-side source-code, the leaked files also include a builder (a bash script) that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application.
 
iBanking mobile bot is a relative new-comer to the mobile malware scene, and has been available for sale in the underground for $5,000 since late last year. It was first seen spreading through HTML injection attacks on banking sites, social engineering victims into downloading a so called “security app” for their Android devices.
 
The malware goes beyond being yet another SMS-sniffer app, offering features such as call redirecting, audio recording (using the device’s mic) and data stealing. It is an example of the ongoing developments in the mobile malware space andRSa says it is now seeing the next generation of malicious apps being developed and commercialized in the underground, boasting web-based control panels and packing more data-stealing features.
 
In order to deceive its victims, the iBanking app disguises itself in different ways. “During our analysis we observed two main graphic templates: one made use of its target’s logos and monikers (in our analysis a well-known financial institution), and in another it masqueraded as a security app. Furthermore, during the installation process the app attempts to social engineer the user into providing it with administrative rights, making its removal much more difficult,” said RSA FirstWatch researcher Lior Ben-Porat in a blog post.
 
With the apparent code leak, Trojan botmasters are now in a better position to incorporate this advanced mobile counterpart in their PC-based attacks, affording them control over their victims’ smartphones. What’s more, the panel’s “sandboxing” feature, supporting multiple unrelated attack campaigns (or mobile botnets), may encourage mobile-botnet-as-a-service offerings in the underground marketplace.
 
The malware’s ability to capture SMS messages and audio recordings, as well as divert voice calls makes step-up authentication, is all the more challenging as fraudsters gain more control over the OOB device. “This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions. The latter will also assist in reducing the dependency on conscious human intervention making social engineering attempts void,” said Lior Ben-Prat.
 
The full RSA blog post can be found here: https://blogs.rsa.com/ibanking-mobile-bot-source-code-leaked/
 

 
FacebookTweetLinkedIn
Tags: BotnetfraudRSA
ShareTweet
Previous Post

AlienVault researcher identifies Yara rules for detecting Careto malware components

Next Post

Remote workers could leave enterprise networks at risk due to wireless router vulnerabilities

Recent News

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

September 25, 2023
Nurturing Our Cyber Talent

Nurturing Our Cyber Talent

September 25, 2023
The Journey to Secure Access Service Edge (SASE)

The Journey to Secure Access Service Edge (SASE)

September 22, 2023
WatchGuard

WatchGuard acquires CyGlass for AI-powered network anomaly detection

September 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information