Banking Trojans for Android Infect Over 200,000 Users

Researchers have reported that Android phones have been infected in massive redistribution campaigns of banking malware for the mobile OS. Experts at Avast have reported that the malware is an evolved version of what is known as GM Bot – a banking trojan first detected in 2014.

GM Bot Of Russian Origins

When the mobile malware was first detected, it was reported to be very successful thanks to its source code, created by a dark net developer going by the nickname Ganjaman.

The developer did create a very nasty piece of malware indeed, but he did not develop methods to make the malware convenient enough to sell on the black market, and since the profits were likely low, the virus was released for free along with its source code.

Ganjaman Behind New Banking Trojan

The developer of this malware did not stop there, however. In fact, a new iteration of the malware was later released, giving the opportunity to once more generate income from it.

The second version, known as GM Bot v2, was also noted for its many improvements, but the creator still did not provide any support, resulting in his ban from deep web marketplaces.

GM Bot, however, has gained a lot of popularity precisely because of how dangerous it was. Besides those directly involved in Android development, who started learning about GM Bot, the malware has also become very popular among malware writers, resulting in numerous variants of it being released on the deep web.

Not only this, but GM Bot's infection methods have also changed, using social engineering to extract personally identifiable information, such as a photo of the personal ID card or a selfie next to the ID.

GM Bot Now Infects on Android 6.0 and Newer

The cyber-criminals behind GM Bot are very creative when it comes to infecting newer Android devices. They may insert the malicious code containing the GM Bot virus inside a completely legitimate application, behind a web player or a plugin such as Flash. Another common way to get infected is by downloading unverified applications from third-party websites.

This has created an opportunity for the developer, who has generated revenue by selling the banking trojan for Android devices, which has resulted in a high rate of infections related to numerous banks in different parts of the globe.

What About The Future of GM Bot

Researchers are convinced that this malware will keep generating revenue, and it is entirely up to Ganjaman, its developer, to take the risk of developing a third version, which may be spread even more widely if crooks use the right distribution strategies.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. A strong believer in basic education of every user towards online safety.
