The source code for an Android banking Trojan has been leaked online, leading the malware to circulate widely on the underground web.
Called Exobot, the malware targets Android users via malicious apps, some of which have made their way onto the Google Play Store.
According to security firm Tripwire’s latest blog post, once installed and launched, these malicious apps load Exobot, which uses overlay attacks whenever the infected device’s owner visits a banking website.
This technique allows Exobot’s handlers to steal users’ banking credentials, which they can then use to siphon money from victims’ accounts.
Security site Bleeping Computer was the first to report the news, saying it received a copy of the source code from an unknown individual back in and has been working with security companies ESET and ThreatFabric ever since to verify its authenticity.
The security researchers from ThreatFabric told Bleeping Computer that the code was for version 2.5 of the malware, otherwise known as the “Trump Edition”, and later confirmed that someone leaked the source code for that variant in May.
As recently reported by ThreatFabric, the malware author announced the sale of their creation in December 2017. It is thought that someone who purchased the source code for the Trump Edition leaked it online in order to share it with the malware community. Indeed, Bleeping Computer confirmed the appearance of the malware’s leaked source code on several underground forums.
As a result of the leak, security researchers are concerned that there will be an upsurge in Exobot-based attacks, since it is now so easy for anyone to get their hands on the code.
They’ve therefore warned Android users to protect themselves by downloading apps only from trusted developers on the Google Play Store, as without the incentive of users making silly mistakes, there’ll be less demand for such malware in the first place.