No honor among thieves: Exobot banking trojan source code leaked online

No honor among thieves: Exobot banking trojan source code leaked online
featured image

This article originally appeared in SiliconANGLE on July 23, 2018.

The source code for the Exobot banking trojan has been leaked online putting even more Android users at risk of being targeted by the software.

First offered for sale on the darknet in 2016, the developers had originally offered Exobot as malware-as-a-service with hackers able to rent the software on a monthly basis but that changed in January this year when those behind the code decided to sell the source code for it instead.

Fast forward six months later and one of those buyers has now leaked the source code, with Bleeping Computer reporting that it has since “rapidly spread in the malware community, worrying researchers that a new wave of malware campaigns may be in the works.”

While ultimately making free code that was already available for purchase, access to the Exobot script potentially allows other hackers to create variants for future campaigns. Exobot itself has been previously distributed via malicious apps and once on an infected Android device is able to steal banking credentials which can subsequently be used to siphon money from a victim’s account.

Discussing the news, Chris Olson, chief executive officer of The Media Trust Company told SiliconANGLE that “leakage of the Exobot source code reflects cybercrime’s thriving, rapidly growing underground economy with low barriers to entry for players anywhere along the supply chain.”

“Malware can be easily purchased from a few dollars to several hundred dollars by individuals with even little technical expertise,” Olson explained. “Larger, more organized rings often appropriate the latest developments in cybersecurity and digital media to orchestrate their attack campaigns, which are becoming increasingly sophisticated and complex.”

“For the moment, ransomware is falling from favor while the use of cryptomining malware is rising. But regardless of what the new cyberweapon of the month is, corporations will need to keep up with their criminal counterparts by taking a holistic approach to cybersecurity more broadly, and securing their digital assets more specifically,” Olson added. “This means paying ever more attention to internal threats, which can account for more than half of an organization’s threats and are harder to detect and prevent. Closing any loopholes on employee and third-party vulnerabilities will go a long way towards avoiding the disruptive, costly impact of overall digital threats.”