Researchers Discover Carbanak Source Code Uploaded on VirusTotal

The source code of the infamous Carbanak banking malware has been found on VirusTotal. Security researchers from FireEye say they located the malware’s source code, builders, and some previously unknown plugins in two RAR archives that were uploaded to VirusTotal some two years ago from a Russian IP address.

What did the researchers say about the unusual discovery?

CARBANAK is one of the most full-featured backdoors around. It was used to perpetrate millions of dollars in financial crimes, largely by the group we track as FIN7. In 2017, Tom Bennett and Barry Vengerik published Behind the CARBANAK Backdoor, which was the product of a deep and broad analysis of CARBANAK samples and FIN7 activity across several years. On the heels of that publication, our colleague Nick Carr uncovered a pair of RAR archives containing CARBANAK source code, builders, and other tools (both available in VirusTotal: kb3r1p and apwmie).

Before the code could be analyzed, two preliminary steps were needed: displaying the files in their correct encoding and learning some Russian. The source tree was 20 MB in size and consisted of 755 files, including 39 binaries and 100,000 lines of code. FireEye researchers plan to release a four-part series of articles on Carbanak’s features, based on the source code and on reverse engineering.
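Getting a leaked Russian-language source tree to display correctly is a small but recurring chore: the files are usually in a single-byte Cyrillic code page, and opening them as UTF-8 yields mojibake. The Python below is an added example (not FireEye’s tooling and not part of the original article) of the usual approach: accept strict UTF-8 if it decodes, otherwise score the candidate code pages by how much plausible lowercase Cyrillic text they produce, skip binaries, and rewrite everything as UTF-8. The sample comment line is constructed, and Windows-1251 as the source encoding is an assumption.

```python
from __future__ import annotations

from pathlib import Path

# Single-byte Cyrillic code pages worth trying once strict UTF-8 fails.
# Order only matters for tie-breaking; Windows-1251 is first because Russian
# Windows source trees are usually stored in it (assumption, not from the article).
CANDIDATES = ("cp1251", "koi8_r", "cp866", "iso8859_5")


def _score(text: str) -> int:
    """Heuristic: real Russian comments are mostly lowercase Cyrillic.

    Decoding cp1251 bytes as koi8-r (or vice versa) swaps letter case, and
    decoding them as cp866 / ISO-8859-5 produces box-drawing and symbol
    characters, so lowercase scores high, uppercase low, and junk negative.
    """
    score = 0
    for ch in text:
        cp = ord(ch)
        if cp < 0x80:                               # ASCII: code, punctuation, whitespace
            continue
        if 0x0430 <= cp <= 0x044F or ch == "ё":     # lowercase Cyrillic
            score += 2
        elif 0x0410 <= cp <= 0x042F or ch == "Ё":   # uppercase Cyrillic
            score += 1
        else:                                       # almost certainly mis-decoded
            score -= 3
    return score


def guess_encoding(data: bytes) -> tuple[str, str]:
    """Return (encoding, decoded_text) for the bytes of one source file."""
    try:
        # Valid UTF-8 (with or without BOM) is accepted outright; single-byte
        # Cyrillic text is almost never accidentally valid multi-byte UTF-8.
        return "utf-8", data.decode("utf-8-sig")
    except UnicodeDecodeError:
        pass
    best: tuple[int, str, str] | None = None
    for enc in CANDIDATES:
        try:
            text = data.decode(enc)   # strict: undefined bytes (e.g. 0x98 in cp1251) reject the candidate
        except UnicodeDecodeError:
            continue
        s = _score(text)
        if best is None or s > best[0]:
            best = (s, enc, text)
    if best is None:
        return "latin-1", data.decode("latin-1")    # lossless fallback, never fails
    return best[1], best[2]


def transcode_tree(src: Path, dst: Path) -> dict[str, str]:
    """Rewrite every text file under src as UTF-8 under dst.

    Binaries (builders, DLLs) are copied untouched. Returns {relative path: encoding}
    so the analyst can eyeball which files were guessed as what.
    """
    report: dict[str, str] = {}
    for path in src.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        out = dst / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        data = path.read_bytes()
        if b"\x00" in data:                          # NUL bytes: treat as binary
            out.write_bytes(data)
            report[str(rel)] = "binary"
            continue
        enc, text = guess_encoding(data)
        out.write_bytes(text.encode("utf-8"))       # bytes, so CRLF line endings survive
        report[str(rel)] = enc
    return report


if __name__ == "__main__":
    # Constructed sample: a Russian comment line as it would sit in a cp1251 file.
    sample = "// Загрузка плагина и проверка версии".encode("cp1251")
    enc, text = guess_encoding(sample)
    print(enc, text)
```

Run `transcode_tree(Path("carbanak_src"), Path("carbanak_utf8"))` on the extracted archive and grep the returned report for anything other than `cp1251`, `utf-8` or `binary`; those few files are the ones worth opening by hand. The case-distribution heuristic is deliberately simple; it separates the common Russian code pages well on comment-heavy source but is not a general-purpose charset detector.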


More about Carbanak

The malware was discovered in 2014 by Kaspersky Lab researchers. The cybercriminals behind it have proven quite capable, carrying out multiple successful attacks while avoiding detection. In retrospect, the criminal group began its campaigns about six years ago, using Anunak and later Carbanak in attacks against banks and ATM networks.

The criminals succeeded in stealing more than a billion euros from at least 100 banks worldwide.

In 2015, the banking malware targeted Europe and the USA in phishing campaigns. That version of Carbanak was digitally signed with a code-signing certificate issued by Comodo, a reminder that a valid signature from a commercial CA says nothing about whether a binary is benign.


According to European authorities, the Carbanak criminal group later developed another sophisticated banking trojan called Cobalt, based on the Cobalt Strike penetration-testing tool. Many experts linked the Cobalt attacks to a hacking group with a long criminal history of such attacks; the Cobalt group was behind the attacks on Russian banks in 2015 and 2016.

Milena Dimitrova
