Android iBanking Malware Still Fetches $5,000

Unknown Lamer posted about 5 months ago | from the malware-for-the-rich-and-famous dept.

Android 25

itwbennett (1594911) writes "Symantec and RSA published details on their blogs on Tuesday about the iBanking Android program, which is being used by two Eastern European cybercrime groups to intercept one-time SMS passcodes used for logging into bank accounts. IBanking's source code was leaked in February, which should have caused its price to drop. But its developer has continued to develop iBanking and provide support, and the malware is still commanding $5,000 per copy, one of the highest prices seen for a type of malware, according to research from Symantec."

Price and volume (2)

jamesl (106902) | about 5 months ago | (#47057451)

IBanking sells for around $5,000 or for a cut of the proceeds from theft it facilitates, Symantec wrote.

Like all these stories, $5,000 may be the "sticker" or asking price. How many sold at this price or at any price is the important metric.

Re:Price and volume (1)

jopsen (885607) | about 5 months ago | (#47057549)

> Like all these stories, $5,000 may be the "sticker" or asking price. How many sold at this price or at any price is the important metric.

The market for this kind of software is fairly small.. so 5k is very cheap... it's probably not feasible to hire real developers to do this.
I wouldn't be surprised if this guy could be making more money making enterprise software. SharePoint plugins, various CMS plugins, etc...

To a petty thief 5k is a lot of money, but for a legitimate business it's rather cheap, compared to doing any kind of development.

Re:Price and volume (2)

LordLimecat (1103839) | about 5 months ago | (#47057847)

> SharePoint plugins

Whoa now, even criminals have standards.

Re:Price and volume (0)

Anonymous Coward | about 5 months ago | (#47058283)

I would do a SharePoint plugin before I do a Xerox EIP module....

False alarm...Linux can't get any viruses (0)

Anonymous Coward | about 5 months ago | (#47058117)

According to Slashdot, r/linux and Hacker News, Linux is super secure and cannot get viruses while Windows is a cesspool for malware. That's why we should all switch to Linux.

Why does Android seem to attract almost 100% of malware on mobile devices then?

Is there anything in a desktop distro like Ubuntu or Debian or whatever that will stop malware of this sort if Linux gets as popular as Android/Windows?

Re:False alarm...Linux can't get any viruses (0)

Anonymous Coward | about 5 months ago | (#47058205)

> According to Slashdot, r/linux and Hacker News, Linux is super secure and cannot get viruses while Windows is a cesspool for malware. That's why we should all switch to Linux.
>
> Why does Android seem to attract almost 100% of malware on mobile devices then?
>
> Is there anything in a desktop distro like Ubuntu or Debian or whatever that will stop malware of this sort if Linux gets as popular as Android/Windows?

There is nothing in Ubuntu/Debian/etc that will stop malware but it is not generally a target.
There are many, many more phones (Android phones) than desktop Linux instances so Android is a good target.
You might not have Linux on your desktop but you might just have an Android phone.

You have to install an apk from a pop-up (1)

tepples (727027) | about 5 months ago | (#47060225)

According to the article, the victim has to install an app from a pop-up. If the user leaves "Unknown sources" turned off, the user can't get infected. I imagine that most people in the western world who turn on "Unknown sources" are users of third-party marketplaces that require "Unknown sources", such as Amazon Appstore or F-Droid. In order to get infected, you have to 1. turn on "Unknown sources", 2. forget to turn it off after you're done installing or updating apps from a third-party marketplace, and 3. install an apk file linked from a pop-up (source: the featured article by Symantec). If you're dumb enough to do #3 on your phone, you're dumb enough to do the same thing on your desktop, even if it does run GNU/Linux.

Re:You have to install an apk from a pop-up (1)

tlhIngan (30335) | about 5 months ago | (#47060381)

> According to the article, the victim has to install an app from a pop-up. If the user leaves "Unknown sources" turned off, the user can't get infected. I imagine that most people in the western world who turn on "Unknown sources" are users of third-party marketplaces that require "Unknown sources", such as Amazon Appstore or F-Droid. In order to get infected, you have to 1. turn on "Unknown sources", 2. forget to turn it off after you're done installing or updating apps from a third-party marketplace, and 3. install an apk file linked from a pop-up (source: the featured article by Symantec). If you're dumb enough to do #3 on your phone, you're dumb enough to do the same thing on your desktop, even if it does run GNU/Linux.

Most people don't do #2. Doesn't matter if you should, or if you tell them to, they won't do it.

Oh, they may the first time, but then the next time they visit the Amazon App Store, they're going to forget.

So once it's set, consider it permanently set because most users will not bother.

#3 is social engineering. If they're browsing the web, they get a little popup that says "Install our app and see the videos for free!" well, there you go.

Or "Security update required - please install and run this app to update your phone".

etc.

Hell, remember the "You need to install this codec" popups on Windows? Same thing, really.

Re:You have to install an apk from a pop-up (0)

Anonymous Coward | about 5 months ago | (#47061623)

Heh, I read your post's subject and just for a second I thought you were talking about the other kind of APK identity theft malware.

I suppose the same thing holds true either way: stay far away from APK identity theft malware, no matter what lies the author tries to get you to believe.

good news! (0, Troll)

Anonymous Coward | about 5 months ago | (#47057457)

somebody finally figured out how to make money on android :) This is probably the final nail in Apple's (beleaguered) coffin. Any AAPL stockholders should get out now before the price drops by a factor of 7 soon.

download free (1, Funny)

phantomfive (622387) | about 5 months ago | (#47057567)

Re:download free (2)

jbmartin6 (1232050) | about 5 months ago | (#47057617)

This is why you should never give out your IP address over the Internet.

Re:download free (0)

Anonymous Coward | about 5 months ago | (#47059125)

kek

Re:download free (0)

Anonymous Coward | about 5 months ago | (#47062201)

Hey, I'm getting a 404 error. Can you report to usenet?

Re:download free (1)

phantomfive (622387) | about 5 months ago | (#47062535)

> Hey, I'm getting a 404 error. Can you report to usenet?

I think you need to open up some ports. Let me know your IP address and I can help you.

Source or no source, if you can't use it... (4, Interesting)

Opportunist (166417) | about 5 months ago | (#47057653)

I cannot speak for this special case, since I lack the detailed info, but in general, those 5k bucks usually give you more than just the program. Such groups usually sell the whole package, including servers, server software, malware and for a little more money also a spam service to carpet bomb mail addresses with the malware spam.

In other words, you needn't be in any way apt with computers to commit "cybercrimes" anymore. You can get the "for dummies" package, including detailed step by step instructions how to use it.

Why those groups don't simply do it themselves and sell it instead? First, it's more profitable. And second, it's legal (for them at least, might be different in your country) to sell the software, but not to use it.

I don't know why, but it does start to remind me of drug cartels.

Android (0, Troll)

BasilBrush (643681) | about 5 months ago | (#47057687)

Android is the OS with the malware again. What a surprise.

Apple isn't immune (2)

tepples (727027) | about 5 months ago | (#47060237)

It's a social engineering exploit to get people to install an executable from a pop-up advertisement. OS X has exactly the same vulnerability unless you set Gatekeeper to "Mac App Store only".

Re:Apple isn't immune (1)

BasilBrush (643681) | about 5 months ago | (#47067515)

The fact that you couldn't even come up with that thin an avenue of attack for Android's actual competitor iOS says it all.

I look forward to your comparisons of iOS with desktop Linux. Not.

Re:Apple isn't immune (1)

tepples (727027) | about 5 months ago | (#47067747)

Apple is inconsistent with its lockdown. How does this inconsistency benefit end users?

iOS malware? (0)

Anonymous Coward | about 5 months ago | (#47057745)

Nowhere to be seen. LOL.

iOS malware? (1)

Kartu (1490911) | about 5 months ago | (#47063059)

Dolphin Browser shit (it was reporting sites you visit to their ad server) affected both Android and iOS, however:

1) Media only talked about it affecting Android
2) It was actually Android users who checked and caught it

sms != secure (1)

fishscene (3662081) | about 5 months ago | (#47057975)

I've always thought tying accounts to your phone, via SMS or Phone number was a really dumb idea. Especially when the pervasive attitude is for apps to collect as much information about you as possible and read text messages. Combined with the fact that phone numbers are moved and traded all the time from person to person... Just a bad idea overall in my opinion.

Re:sms != secure (0)

Anonymous Coward | about 5 months ago | (#47058411)

> I've always thought tying accounts to your phone, via SMS or Phone number was a really dumb idea

Before smartphones it wasn't dumb. No malware on your feature phone.

actual write-up on the iBanking bot (2)

Aryeh Goretsky (129230) | about 5 months ago | (#47058849)

Hello,

The ITWorld article didn't mention it, so here's a link to the actual write-up on the bot, which is actually called Android/Spy.Agent.AF: Facebook Webinject Leads to iBanking Mobile Bot [welivesecurity.com].

Regards,

Aryeh Goretsky