The source code of a nasty Android banking malware has been leaked via underground forums by an individual who appears to have purchased the malware from the developers. The malware is known by many names, although GM Bot is one of the most common. Others include Slempo, Bankosy, Acecard, and MazarBot.
The code, which was encrypted, was posted on an underground forum and the poster said he would be willing to supply the password to decrypt the file to anyone who asked him, provided they were active members of the forum. He appears to have made good on the offer, although someone else appears to have distributed the password to other individuals. With a number of individuals now in possession of the decrypted file, more attacks using GM Bot can be expected. The source code was previously being sold for $500 via banking
The malware family works using activity hijacking and can be used to attack users of Android 4.4 and below. The malware cannot be used on versions 5 and above, although that still means that 65% of devices currently in use are susceptible to GM Bot Android banking malware attacks.
Android Devices Running KitKat and Below Susceptible to the Android Banking Malware
Activity hijacking is a technique used to log activities performed on a compromised device. In the case of this Android banking malware, it is used to record the login credentials entered into mobile banking apps. The user of a compromised device launches a banking app and enters their credentials; however, the malware uses an overlay above the actual app and all input is recorded and transmitted to the hacker.
This Android banking malware is also able to intercept SMS messages, enabling the hackers to hijack authentication codes sent to the user’s device. The malware can also forward phone calls, allowing hackers to bypass other security protections used by banks. Data can also be deleted from a compromised device, and the malware can capture data entered into websites via the Chrome browser. This Android banking malware is also known to lock users’ devices, giving attackers the time they need to pull off banking fraud.
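For defenders triaging a suspicious app, the behaviours described above leave traces in the app's declared permissions. The following is an added example, not code from the leaked malware or from this article: it checks a decoded AndroidManifest.xml for that combination. The permission mapping is an assumption based on general Android behaviour, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes

# Assumed mapping from the behaviours the article lists to Android permissions.
BEHAVIOURS = {
    "task_monitoring": {"android.permission.GET_TASKS"},  # see which app is in front (pre-5.0)
    "sms_interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "call_forwarding": {"android.permission.CALL_PHONE"},
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"     # device lock / wipe via device admin

def triage_manifest(manifest_xml):
    """Report which of the article's behaviours a decoded manifest could support."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    found = {}
    for behaviour, perms in BEHAVIOURS.items():
        hits = sorted(perms & requested)
        if hits:
            found[behaviour] = hits
    admins = [r.get(A + "name") for r in root.iter("receiver")
              if r.get(A + "permission") == DEVICE_ADMIN]
    if admins:
        found["device_admin"] = admins
    # Any one permission is common in legitimate apps; foreground-app monitoring
    # together with SMS interception is the combination that merits manual review.
    review = "task_monitoring" in found and "sms_interception" in found
    return {"behaviours": found, "needs_review": review}

# Constructed sample manifests (not taken from any real APK).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".AdminRcv"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN_SMS_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsapp">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN_SMS_APP)):
        print(name, triage_manifest(xml))
```

A positive result is a prompt for manual analysis, not a verdict, since legitimate apps can request the same permissions.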
Security experts are predicting a wave of new attacks using GM Bot, and since the hacker also posted details of how it can be installed and supplied a tutorial, hackers could use the information to develop new Android banking malware variants.