updated 08:52 pm EDT, Wed May 21, 2014
Evolving malicious tool adopts service model, grows increasingly complex
The market for malware tools is expanding, and now includes pre-made tools sold for a hefty fee by underground developers. One such tool aimed at Android, iBanking, promises to conduct a number of malicious actions, including intercepting text messages, stealing phone information, pulling geolocation data and constructing botnets with infected devices. All it would cost to obtain the program is $5,000, even after its source code leaked earlier in the year.
The iBanking malware has evolved from simply being able to steal SMS information into a much larger Trojan tool for would-be data thieves. Fake applications injected with the iBanking code have hit the marketplace, disguised as legitimate banking and social media apps to convince users to install and use them.
The apps often appear to users whose desktop machines have already been infected, prompting them to fill in personal information. This then leads to an SMS message with a download link. Once the app is downloaded and installed, it begins feeding information to the attacker.
According to Symantec, the tool is "one of the most expensive pieces of malware" the company has seen, especially for one that sets up a service business. Other malware applications have paved the way for things like customer support and HTML control panels, but not at such a high price.
Part of the larger problem with iBanking is that it resists most attempts to reverse engineer the software, which also protects it against those trying to craft similar tools, says an article from Ars Technica. The iBanking kit uses encryption and code obfuscation to hide the commands and actions it carries out. This prevents researchers from breaking down how the malware works, and keeps others from using the code to clone more software.