
The Source of All Major Android Banking Trojans Just Got Updated To V2

An anonymous reader writes: Apparently, during the past months it has come to light that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, which sold for only $5,000 on underground hacking forums. Taking advantage of his new-found glory, the coder behind that malware has now released a second version, at three times the price of the first, complete with 3 exploits that can guarantee root access on older versions of Android (which are plentiful thanks to [ignorant] OEMs and carriers). Some of the malware that originated from GM Bot includes: SimpleLocker (first crypto-ransomware for Android), AceCard (considered the most sophisticated Android malware to date), Bankosy and SlemBunk (banking trojan and backdoor), and Mazar Bot (banking trojan, backdoor and ransomware). To make things worse, GM Bot v1's source code has also been leaked online, making it available to any halfwit developer who wants a crack at a cybercrime career.
  • by 110010001000 ( 697113 ) on Saturday March 12, 2016 @12:57PM (#51684745) Homepage Journal
    How can I grab the latest version? I tried Sourceforge, but didn't see anything available. Please help!
  • by ErikTheRed ( 162431 ) on Saturday March 12, 2016 @12:59PM (#51684765) Homepage

    I don't really get the outrage at this. Criminals are going to commit crimes. I think the outrage would be better directed at Google for promulgating a "security-last" OS to manufacturers who, for the most part, can't be bothered with updates after a few months. When you suck at security almost infinitely more than Microsoft, that's saying something...

    • by Anonymous Coward

      "security last" except when it comes to the customer, then it's "complete lockdown first and foremost", where if you sidestep that you've waved bye-bye to your warranty and manufacturer support. Probably also putting yourself on a list of people handed off to Google's double secret NSA side council that guarantees you will have trojans on your phone.

    • by aaarrrgggh ( 9205 ) on Saturday March 12, 2016 @02:13PM (#51685105)

      I think you are stating the obvious there... this is one of the fundamental flaws of the Android ecosystem.

      Are we going to have to start being nutjob-paranoid and placing a dedicated browser in a virtual machine with only a single trusted certificate and using a pin-protected RSA key for every transaction?

      I almost want a dumb phone and a Filofax now.

      • You probably should use a dumb phone and a fax machine since we are stripping away our privacy so that foreign criminals can sniff all of our online activity.
    • by Locke2005 ( 849178 ) on Saturday March 12, 2016 @02:20PM (#51685143)
      Hardware vendors and cell companies have zero incentive to continue to support phones they are no longer selling. Why would you even expect them to keep shipping updates for them? Yes, Google bears some of the blame for setting up the Android ecosystem this way, instead of obligating some entity with the responsibility to continue support.
    • It's not "Security last" it's "Let's treat users like they're not fucking idiots." In order for this malware to infect your phone, you'll have to download an APK from a shoddy site, enable 3rd party package installations, and completely disregard the warning message.
  • by Anonymous Coward

    And give Android two things:

    1) The Linux Netfilter firewall as standard (not requiring rooting first) plus all the necessary user-level power tools as well as simple user-friendly apps to control it.

    2) User control of app permissions post-install, not just the choice of "either don't install an app, or else install it and grant every permission that its developer requests for as long as it's installed". This idiotic design is a travesty of insecurity and anti-privacy, and Google should be ashamed of them

    • They will never wake up. They are too busy sleeping on their piles of cash.
    • by sumdumass ( 711423 ) on Saturday March 12, 2016 @01:30PM (#51684885) Journal

      Netfilter might be too powerful for the majority of users. They would likely lock themselves down and eventually turn it off.

      As for permissions, I cannot agree more. Let the app stop working when the permissions are denied, but let me change them. There are a few apps I use rarely enough that currently I uninstall them between uses. If I could enable or disable permissions I could just keep them on the phone. There are also some apps, like the one for my blood pressure monitor, that I refuse to install because it wants access to my call log, contacts, photos, and something else I cannot figure out why. I even contacted the manufacturer (Omron) asking them to explain why but got no response.

      • by Geeky ( 90998 )

        The permissions thing came in with Android M. It's a pain for apps not specifically compiled for it though, because every time you update the apps you have to grant them all the permissions they want and then go and remove them again. But the feature is now there. If your phone vendor/carrier has given you M of course.

        • by Anonymous Coward

          The permissions thing came in with Android M. It's a pain for apps not specifically compiled for it though

          This is just more Android team incompetence.

          An app should have no business knowing whether permissions have been granted or denied to it, but should merely work in the expectation that it has them. The data it wants could even have been manufactured by the user uniquely for this app, and it's no business of the app's to know about such a user choice.

          It's private information whether permissions have b

      • There are also some apps like the one for my blood pressure monitor that i refuse to install because it wants access to my call log

        Try downloading the apk, unpack it with apktool, strip those permissions from AndroidManifest.xml, pack it back and then install it via adb.

        In fact, the baksmali 'assembly' format is very readable and easy to understand; you can study and modify the java part of an app almost as if you had the source code.
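The "strip those permissions from AndroidManifest.xml" step above, as an added example that is not part of the thread or of apktool: a small audit script for the manifest that `apktool d` unpacks. The manifest and the package name are constructed for illustration.

```python
"""Audit and strip <uses-permission> entries from a decoded AndroidManifest.xml.

Constructed example: run after `apktool d app.apk`, then `apktool b` and re-sign
before installing with adb. The manifest below is made up for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
# Keep the conventional "android:" prefix on output; ElementTree would otherwise
# emit "ns0:", which is valid XML but confuses readers and diff tools.
ET.register_namespace("android", ANDROID_NS)

# Constructed manifest mirroring the complaint in the thread: a health app
# asking for call-log and contacts access it has no obvious need for.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bpmonitor">
    <uses-permission android:name="android.permission.BLUETOOTH"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="BP Monitor"/>
</manifest>
"""

# Permissions that expose personal data and deserve a justification from the vendor.
SENSITIVE = {
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
}


def list_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> in document order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.findall("uses-permission")]


def strip_permissions(manifest_xml, to_remove):
    """Drop the named <uses-permission> elements; return (new_xml, removed_names)."""
    root = ET.fromstring(manifest_xml)
    removed = []
    for el in list(root.findall("uses-permission")):  # copy: we mutate the tree
        if el.get(NAME_ATTR) in to_remove:
            root.remove(el)
            removed.append(el.get(NAME_ATTR))
    new_xml = '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode")
    return new_xml, removed


if __name__ == "__main__":
    print("requested:", list_permissions(SAMPLE_MANIFEST))
    xml_out, gone = strip_permissions(SAMPLE_MANIFEST, SENSITIVE)
    print("stripped:", gone)
    print(xml_out)
```

An app compiled against a pre-M SDK will typically crash when it first touches the stripped capability, so expect breakage rather than graceful degradation.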

  • by Anonymous Coward

    1. Who is dumb enough to do banking on something as insecure as a mobile phone? It's a sieve.
    2. Since people are dumb enough to do something so critical and private as banking on their phone, doesn't this bolster Apple's argument against the FBI?

  • that this ends up on a user's phone? I'm assuming it's not through the Play Store and the user was visiting Russian donkey porn sites?
    • Yea, porn sites. But people also use third-party stores to download games and apps that are clones of commercial games and apps on the Google Play Store.... you know... "pirates." For once, piracy doesn't pay, at least for Android.
    • Most likely Russians loading shitware onto the Play store.
  • I'm simply curious (not because I want to get into the business) as $15k plus $2k per month (or $8k plus $1.2k per month for the exploitless version) is not chicken feed.

    Are there that many "halfwit developers" out there that are willing to make this a viable option? Or, is this a case of the developer selling the malware to (would be) criminals, to make money on the work but minimize the risk?

    I'd be interested in seeing the contract in the case of the customer being caught and going to jail.

  • any halfwit developer that wants a crack at a cybercrime career

    I don't know where on the developer scale "halfwit" falls, but, in my experience the median programmer is fairly incompetent, and half of them are less talented than this - including the ones who can't copy/paste/modify stackoverflow examples and end up with working code.

    Without even looking at the codebase, I would expect that anyone capable of understanding the code and modifying it enough to make something different is well above the median. In the wealthier nations I think that they could probably ma

  • Are going to start WW3.
    • Are going to start WW3.

      And this is a damn shame! Has no one any pride left in their work in this country?!? It should be AMERICAN hackers who start WW3! GO USA!

  • "thanks to [ignorant] OEMs and carriers"

    That's an incorrect position.

    For the OEMs, they take a snapshot of the Android development tree at some stable point, and then they put in a hell of a lot of work to productize it for a given specific platform. And then they don't touch it, ever again. Each new phone is a new port, and each update to the OS on a phone would also be a new port.

    Maintaining version updates on an ongoing basis is not possible with this development model, and having Google do the product
