A real "Swiss army knife" for opening Android

     




Developed by hackers from the group of WhiteHat malware iBanking for Android is so full featured that his researchers were forced to admit that it has become one of the most expensive melver-complexes available on the black market.

Its functionality includes the ability to redirect incoming voice calls, secret interception of sounds of the microphone, track geolocation, file system access, and remote proliferation of mobile botnets that use either HTTP or SMS to communicate, depending on the current network status of the infected phone.

Attackers use social networking tactics to entice their victims into downloading and installing iBanking on their Android device. The victim at this point, usually already infected with a financial Trojan on their PC, which generates a pop-up message when you visit banking sites or social network with a request to install a mobile app as an additional security measure.



Due to the high prices of the initial $ 5,000 of black market was not slow to appear fake. But hackers WhiteHat securely protect their development using AES encryption to hide the contents of the XML file, transforming it with the transcript in a huge file with information garbage.

Daniel Cohen, an analyst at RSA's FraudAction Group, wrote in his blog: "the iBanking Malware shows that mobile malware developers are aware of the need to protect their bots against analysis and indicates a possible new direction in this area."

However, I found a specialist who got to the source code to iBanking.

iBanking is sold by a group known as GFF. Interestingly, the high price of iBanking preserved even in the first months after the leak of the source code. The leak was carried out by someone who claimed that he discovered that his friend's smartphone had been infected by iBanking. He eventually tracked down the command and control channel distribution.

Hacker, eventually, has released the source code on underground forums, which suggests that the code was obtained by hacking into one of the systems used by the operators iBanking.

source

Source: /users/104