October 25, 2013 By Dancho Danchev

Cybercriminals release new commercially available Android/BlackBerry supporting mobile malware bot

Thanks to the growing adoption of mobile banking, in combination with the utilization of mobile devices to conduct financial transactions, opportunistic cybercriminals are quickly capitalizing on this emerging market segment.  Made evident by the release of Android/BlackBerry compatible mobile malware bots. This site is empowering potential cybercriminals with the necessary ‘know-how’ when it comes to ‘cashing out’ compromised accounts of E-banking victims who have opted-in to receive SMS notifications/phone verification, whenever a particular set of financial events take place on their bank accounts.

A new commercially available Android, BlackBerry (work in progress) — supporting mobile malware bot is being pitched by its vendor, with a specific emphasis on its potential to undermine modern E-banking security processes, like for instance, SMS alerts. Let’s discuss some of its core features and emphasize on an emerging trend within the cybercrime ecosystem, namely the ‘infiltration’ of Google Play as a service.

Sample screenshots from the mobile malware bot’s manual+the actual administration panel:

Android_BlackBerry_Malware_Bot

Android_BlackBerry_Malware_Bot_01

Android_BlackBerry_Malware_Bot_02

Android_BlackBerry_Malware_Bot_03

 

a

Android_BlackBerry_Malware_Bot_04

Priced at $4,000, the bot’s features can be used to undermine two factor authentication/SMS alerts protection features offered by a financial institution, as well as result in a direct privacy violations once the integrity and confidentiality of the mobile device has been compromised.

Some of the bot’s core features include:

  • hijack incoming SMS messages and silently forwarding them to any given number in real-time
  • hijacking of any incoming calls and silently forwarding them to any given number in real-time
  • complete access to the SMS messages on the affected device
  • complete access to the Call History of an affected device
  • complete access to the Contacts found on an affected device
  • audio recording using the device’s microphone, the uploading the file to a server
  • sending an SMS on behalf of the infected device’s owner
  • call any number of behalf of the infected device’s owner
  • control the infected mobile device through an Internet connection, or through SMS messages in cases where no Internet connection is available
  • get the phone number, as well as the ICCID, IMEI, IMSI, Model and OS of the infected device

Based on requests from potential customers, the interface can be localized to their “favorite language”. What’s also worth emphasizing on regarding this particular commercially available mobile malware bot, is that, the vendor is also offering the option to have your malware variant directly made available to the millions of Google Play users. How does this take place to begin with? In a pretty simple way, taking into consideration the fact that cybercriminals continue to actively data mine their botnet’s ‘infected population’ in an attempt to monetize the outcome of their campaigns. Through the acquisition of compromised Google Play accounts, cybercriminals are perfectly positioned to abuse this access to a legitimate/verified developer’s account, for fraudulent and malicious purposes.

We’ll continue monitoring the development of this mobile malware bot, and post updates as soon as its vendor introduces any features that could continue adapting to current/emerging anti mobile banking fraud processes.

Share Button
true