Slashdot Mirror


The Source of All Major Android Banking Trojans Just Got Updated To V2 (softpedia.com)

An anonymous reader writes: Apparently, during the past months, it has started coming to the surface that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only $5,000 on underground hacking forums. Taking advantage of his newfound glory, the coder behind that malware has now released a second version, three times the price of the first, complete with 3 exploits that can guarantee root access on older versions of Android (which are plenty thanks to [ignorant] OEMs and carriers). Some of the malware that originated from GM Bot includes: SimpleLocker (first crypto-ransomware for Android), AceCard (considered the most sophisticated Android malware to date), Bankosy and SlemBunk (banking trojan and backdoor), and Mazar Bot (banking trojan, backdoor and ransomware). To make things worse, GM Bot v1's source code also got leaked online, making it available to any halfwit developer that wants a crack at a cybercrime career.

3 of 38 comments

  1. When is Google going to wake up? by Anonymous Coward · Score: 2, Insightful

    And give Android two things:

    1) The Linux Netfilter firewall as standard (not requiring rooting first) plus all the necessary user-level power tools as well as simple user-friendly apps to control it.

    2) User-control of app permissions post-install, not just the choice of "either don't install an app, or else install it and grant every permission that its developer requests for as long as it's installed". This idiotic design is a travesty of insecurity and anti-privacy, and Google should be ashamed of themselves for it.

    The non-technical Android user today (who can't be expected to root their device) is virtually powerless, and ripe for harvesting by organized crime --- they must love Google's Android team, the crime enablers.

  2. Re:fail++ by AC-x · Score: 3, Insightful

    Who is dumb enough to do banking on something so insecure as a desktop browser? It's a sieve.

  3. Re:fail++ by aaarrrgggh · Score: 3, Insightful

    Yup... It used to be that the smartphone was more secure without Java, Flash, Acrobat, and a "trusted" cellular internet connection.

    Kids used to walk to school alone too!

    Not sure how much is perception and how much is a real problem in either case.