An Android banking Trojan source code, named Exobot, has been released online, causing the malware to circulate widely on the dark web.
Android banking malware Exobot source code released online
Called Exobot, the malware targets Android users via malicious apps, some of which have made their way onto the Google Play store.
According to security firm TripWire’s latest blog, after successful installation, these malicious apps load up Exobot once they’re fired up, which uses overlay attacks whenever the infected device’s owner visits a banking website.
This technique allows Exobot’s handlers to steal users’ banking credentials, which they can then use to siphon money from victims’ accounts.
Bleeping Computer was the first to report the news after it received a copy of the source code from an unknown individual and has been working with security companies ESET and ThreatFabric to verify its authenticity.
The security researchers from ThreatFabric reort that the code was for version 2.5 of the malware, otherwise known as the “Trump Edition”, and later confirmed that someone leaked the source code for that variant in May.
The malware author announced the sale of their creation in December 2017. It is thought that someone who purchased the source code for the Trump Edition leaked it online in order to share it with the malware community.
As a result of the leak, security researchers are left concerned that there will be an upsurge in Exobot-based attacks due to it being so easy for anyone to get their hands on the code.
They’ve therefore warned Android users to protect themselves by downloading apps from only trusted developers on the Google Play Store as without the incentive of users making mistakes, they’ll be less demand for such malware in the first place.