Attention all Android device users: another Exobot banking malware source code (version 2.5)has been leaked online. The first time it was detected was back in May of this year, and it is now being called the “Trump Edition.” Tripwire has determined that a rise in malicious Android applications is expected because of this leak, and the malware source code has been made readily available in hacking forums on the dark web.
The fact that banking applications and even banking websites are constantly being targeted by hackers is a widely-known one, and it’s also pretty common for Android Trojans to be utilized in attacks on banking applications. The new and improved “Trump Edition,” however, has made security experts concerned about two major issues. One, when infected Android devices hit the website of a bank or other financial institution, the user’s details are stolen by the overlay attack. And, two, any mobile banking malware that’s released quickly ripples across unassuming mobile devices.
Long-term implications could very well be the overall result from a rise in attacks like these, and they would likely affect more businesses other than just banks and/or other financial institutions. The vice president of NuData Security customer success, which is a Mastercard company, had this to say on the matter:
“The data this malware is targeting will impact not only banks and their customers but also e-commerce companies and other industries. Personally identifiable information extracted from Exobot-infected devices will quickly find its way to the dark web, where it can be used against the account holder’s account, as well as other online accounts.”
Frederik Mennes, of OneSpan believes that this leak of the Exobot source code could also cause a rise in overlay attacks, partly because the malware causes a window to pop up on top of the actual banking app and appears to be very similar to the genuine application.