Android iBanking Trojan Source Code Leaked Online

Nearly everyone needs a smartphone today, which makes it the first target of most cybercriminals. Malware authors are getting to know their market and changing the way they operate. Since last year we have seen a rise in the number of hackers moving from blackhat to greyhat.

Daniel Cohen, Head of Knowledge Delivery and Business Development for RSA's FraudAction Group, warned users about the new threat on Thursday in a company blog post that explains the malware app, called iBanking.


iBanking is a new mobile banking Trojan app that poses as an Android 'Security App' in order to deceive its victims. It may now threaten a large number of users, because its source code has been leaked online through an underground forum.

The leak gives a larger number of cybercriminals the opportunity to launch attacks with this kind of ready-made mobile malware in the future.

Many banking sites use two-factor authentication and transaction authorization systems to deal with various threats, sending unique one-time-use codes to their customers' registered phone numbers via SMS. To defraud those customers, cybercriminals have started to create mobile malware like iBanking that serves their purpose.

According to security researcher Daniel Cohen, the iBanking mobile bot is a relative newcomer to the mobile malware arena and has been available for sale in an underground hacking marketplace since late last year for $5,000.

"We first saw the iBanking malware was distributed through HTML injection attacks on banking sites, social engineering victims into downloading a so-called 'security app' for their Android devices," said the RSA researchers in a blog post.

In addition, computer malware is used together with the iBanking malware to defeat the mobile-based security mechanisms used by banking sites.

"Apart from the server-side source-code, the leaked files also include a builder that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application," added Daniel Cohen.

In addition to SMS sniffing, the iBanking app allows an attacker to redirect calls to any pre-defined phone number, capture audio using the device's microphone and steal other confidential data such as the call history log and phone book contacts.

During the installation process, the malicious app attempts to social-engineer the user into granting it administrative rights, which makes its removal much more difficult.

"The malware is an example of the ongoing developments in the mobile malware space and we are now seeing the next generation of malicious apps being developed and commercialized in the underground, boasting web-based control panels and packing more data-stealing features," said Cohen, adding:

"The malware’s ability to capture SMS messages and audio recordings, as well as divert voice calls makes step-up authentication all the more challenging as fraudsters gain more control over the OOB device. This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions."

These days, malware apps are particularly dangerous because they are often designed to look as authentic as possible, and one in five mobile threats is now a bot, a sign that the complexity of mobile malware is increasing.
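
A defender-side triage of the capability set described above, as an added example that is not from the RSA post or this article: it reads a decoded AndroidManifest.xml and flags SMS access combined with device administrator rights or several other collection permissions. The capability-to-permission mapping, the threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities named in the article to standard
# Android permissions; the article does not list iBanking's manifest.
CAPABILITIES = {
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "call_redirection": {P + "CALL_PHONE", P + "PROCESS_OUTGOING_CALLS"},
    "audio_capture": {P + "RECORD_AUDIO"},
    "call_log_theft": {P + "READ_CALL_LOG"},
    "contact_theft": {P + "READ_CONTACTS"},
}

def triage_manifest(manifest_xml):
    """Return the capability names an app's decoded manifest would enable."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITIES.items() if perms & requested}
    # A receiver guarded by BIND_DEVICE_ADMIN lets the app ask the user for
    # device administrator rights, which blocks a normal uninstall.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID + "permission") == P + "BIND_DEVICE_ADMIN":
            found.add("device_admin")
    return found

def is_suspicious(found):
    """SMS access plus device admin, or plus two other collection capabilities."""
    if "sms_interception" not in found:
        return False
    return "device_admin" in found or len(found - {"sms_interception"}) >= 2

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
SAMPLE_FAKE_SECURITY_APP = HEAD + """
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><receiver android:name=".Admin"
      android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
SAMPLE_SMS_APP = HEAD + """
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for xml in (SAMPLE_FAKE_SECURITY_APP, SAMPLE_SMS_APP):
        print(sorted(triage_manifest(xml)), is_suspicious(triage_manifest(xml)))
```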