Malware authors are selling Mazar Bot on Russian underground forums for $500
There have been a slew of Android banking Trojan released in the past year, and according to the IBM X-Force team, all of these malware are one of the same, originating from a threat family IBM has been tracking since 2014. In the past week, Heimdal Security was able to uncover a malware called Mazar BOT, but now, an even more sophisticated malware called GM BOT has emerged.
This particular malware had emerged on the Russian-speaking cybercrime underground forums, and was being sold for a price of $500. The malware was also being referred to as Acecard and Slempo, most likely to avoid being discovered by the authorities, as well as to rake a quick buck for the seller. According to the IBM security team, the creator of the threat has moved on to work on a newer iteration and thus, abandoned his current version (which was referred to version 1.0). However, he did manage to sell off its distribution rights for its most recent variant (known as Mazar BOT) to another criminal.
When the criminal decided to sell it off to the administrator of an underground hacking forum, that is when the source code leaked. The source code was placed in a password-protected archive, and registered forum users could send the forum admin a private message and request for a password. The administrator must have pondered over this request, but eventually gave in, but that is where the firestorm took place.
Users started sharing the password among themselves, and in no time, the Mazar BOT source code was being shared all over the hacking underground. So why exactly are we relaying all this information to you? It is because as soon as one dangerous malware gets leaked, then an even more dangerous iteration of that malware gets leaked, causing havoc in its wake. It is no joke that Mazar BOT is one of the, if not the, most dangerous Android banking trojan in Google’s mobile platform ecosystem.
Given below are what Android banking Trojan are capable of doing:
• They launch fake overlay windows that mimic bank applications to steal user credentials and payment card details.
• They control the device’s SMS relay to eavesdrop, intercept and send out SMS messages.
• They can forward phone calls to a remote attacker.
• They have spyware features and can control the device via remote commands.
So what exactly can you do to prevent such a thing happening to you? Well, a good form of practice would be to stop putting sensitive information inside the storage of your Android device.
