Android users have been warned that the source code of the Exobot banking malware (v. 2.5) has been leaked online. It was first detected in May 2018 and was dubbed the “Trump Edition.” The leak has resulted in malicious Android apps, with the malware source code now available on dark web hacking forums, according to Tripwire.
“The Trojan gets the package name of the foreground app without requiring any additional permission. This is a bit buggy, still, but it works in most cases. The interesting part here is that no Android permissions are required. All other Android banking Trojan families are using the Accessibility or Use Stats permissions to achieve the same goal and therefore require user interaction with the victim,” ThreatFabric security researcher Cengiz Han Sahin told Bleeping Computer.
It is of course no secret that bank websites and banking apps are under attack, and the use of Android Trojans to target banking apps is fairly commonplace. With this new Trump Edition, there are two primary concerns for security professionals:
First, whenever an infected Android device visits a financial website, the overlay attack steals the user's information.
Second, the release of any mobile banking malware will quickly ripple across the complete device.
An increase in such attacks could have very long-term implications that will likely impact more than financial institutions. “The data this malware is targeting will impact not only the banks and their customers but also the ecommerce companies and other industries,” said Ryan Wilk, VP of customer success, NuData Security, a Mastercard Company.
“Personally identifiable information that is extracted from Exobot-infected devices will quickly find its way to the dark web, where it can easily be used against the account holder’s account, as well as the other online accounts.”
The leaked source code could easily lead to an increase in overlay attacks, according to Frederik Mennes, senior manager of market and security strategy at the Security Competence Center at OneSpan. “Malware on the user’s mobile device shows a window on top of the genuine mobile banking app that looks very similar to the genuine app. In this way the malware aims to trick the user into entering his credentials into the overlay window.”