According to an analyst report published recently by the security experts over at Symantec, a new trojan is wreaking havoc on Android.
Dubbed the “Swiss Army knife” of mobile malware, iBanking has proven itself to be a worthy competitor to the all-time greats of Android malware stretching back through the past few years of the OS’s comparatively short, and turbulent, lifespan.
The program finds its way onto the phones of unsuspecting users through standard phishing tactics, masking itself as a Facebook page or email attachment which claims that the accounts of the person in question have been “compromised” in one way or another, and that their attention and cooperation are required to solve the problem before their information “falls into the wrong hands”.
It wasn’t always this way, however: iBanking spent most of its history as a lowly keylogging/firewall-cracking suite of software designed to penetrate and log the activities of a computer configured with basic installations of Windows XP, Vista, and 7.
“iBanking often masquerades as legitimate social networking, banking or security applications and is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent through SMS. It can also be used to construct mobile botnets and conduct covert surveillance on victims. iBanking has a number of advanced features, such as allowing attackers to toggle between HTTP and SMS control, depending on the availability of an Internet connection.”
For the low price of only $5,000 per license, anyone with the cash upfront can gain access to the malware and distribute it to a limited number of devices within a certain network. After the trojan is successfully implanted, the license holder can read the emails and SMS messages of their targets, and even record their phone calls to an offsite database to be archived for later use.
Other tools in the package include the ability to remotely monitor the microphone of the infected device, track its GPS signal to within 100 meters, and even act as a relay station for botnets that need more zombies.
The code contained within the iBanking backdoor trojan is both complex and extremely cryptic, preventing even the highest-level researchers from cracking through its walls during their attempts to reverse engineer the malware in an effort to bring it down from the inside out.
Protected by 256-bit AES encryption, the XML files which would normally give researchers a leg up in dissecting the malware (and thus, finding a way to kill it) are completely hidden behind a wall of intricate math stacked ten stories high.
As of now, the only detail known about the group profiting off this venture is that they call themselves the “GFF”. Even though the source code for the crack has been leaked online for months, apparently there is still a long line of people who are willing to pony up the premium price tag in order to keep their version of the software as up to date as they can until their subscription inevitably runs out.