Mobile Malware Market Increasingly Competitive

Mobile malware developers are competing for market share by creating highly sophisticated products or low-cost alternatives to existing offerings.

An analysis of the mobile malware marketplace conducted by IBM X-Force researchers showed that cybercriminals looking to make a profit by targeting smartphone users have plenty of products to choose from.

One of the longest-standing mobile malware families is GM Bot, also known as MazarBot, SlemBunk, Bankosy, Acecard and Slempo. This Android Trojan allows malicious actors to steal sensitive information from users by displaying phishing pages on top of legitimate banking applications in what is known as an overlay attack.

The source code of GM Bot v1 was leaked earlier this year and, shortly after, the malware’s developer announced the release of the second version, which he claims has been written from scratch.

GM Bot is highly sophisticated, but since it’s priced at $15,000 plus a monthly fee, some cybercriminals might be looking for less expensive alternatives. According to IBM, there are several Trojans that cost less and while they might not be as sophisticated as GM Bot, they’re all advertised as having overlay and data theft capabilities.

One of them is KNL Bot, a threat that has been around for at least as long as GM Bot, but which costs only half as much. The seller claims KNL Bot, whose package includes a botnet control panel, has all the functionality needed to steal banking credentials and payment card data.

Another alternative is Bilal Bot, a piece of malware that is less sophisticated than KNL Bot and GM Bot. Bilal Bot currently costs only $3,000, which includes unlimited bug fixes.

While it’s still in testing mode, the malware’s authors promise a variety of fraud-enabling features, including overlay screens, SMS hijacking and call forwarding capabilities. The developers say customers will be able to customize the overlay screens from the control panel before sending them to the malware.

IBM researchers also found a newcomer dubbed Cron Bot, which first appeared on underground cybercrime websites on April 1. Cron Bot can be rented for a monthly fee ranging between $4,000 and $7,000, depending on the package.

Cron Bot’s authors promise a set of features commonly found in PC Trojans, including VNC, injection, loader, keylogger, SOCKS5 and cmd modules. An Android application package (APK) that is rented separately offers features that are similar to other mobile threats, including functionality for hijacking SMSs, call forwarding, overlay screens, and harvesting payment card and other types of information.

“KNL, Cron and Bilal are only three current-day examples from a mobile malware marketplace that has been gaining rapid momentum on many levels. Mobile malware nowadays is picked up and operated by different ranks of cybercriminals — from professional, organized gangs to the least experienced forum readers who buy malware and rely on technical setup and support services from underground vendors,” Limor Kessem, executive security advisor at IBM, wrote in a blog post.

“The rising supply of different offerings, including low-cost alternatives, may be in response to the rising demand for fraud-facilitating wares at a time when full-fledged banking Trojans have become the domain of organized crime groups. Overlay Android malware is fueled by cybercriminal buyers who see this capability as a panacea to the fraud endeavors they cannot carry out without a banking Trojan operation,” Kessem added.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
