Skip to main content

The source code for a new banking Trojan

The source code for a new banking Trojan dubbed Nuclear Bot was leaked online, experts speculate a rapid diffusion of the threat in the wild.





The source code for a new banking Trojan, dubbed Nuclear Bot, is available for sale in the cyber criminal underground.The Nuclear Bot banking Trojan first appeared in the cybercrime forums in early December when it was offered for $2,500. The malicious code implements features commonly seen in banking Trojans, it is able to inject code in Mozilla Firefox, Internet Explorer and Google Chrome browsers and steal sentitive data provided by the users.“In early December 2016, IBM X-Force researchers noticed the emergence of a new banking malware advertised for sale in a few underground boards.” reads a blogspot published by IBM researchers who are following the evolution of the threat. “The malware’s vendor, who went by the online moniker Gosya, was a Russian-speaking member who introduced himself as the developer of Nuclear Bot, or nukebot, a modular banking Trojan.”
The Trojan can also open a local proxy or hidden remote desktop service to allow crooks to initiate rogue transactions through the victims’ browsers after they have been tricked into providing the second authentication factor.
According to IBM, the creator of the malware has lost his credibility over the months and has been flagged as a scammer in the hacking community. The malware author did not offer a test version of the malware to potential buyers and advertised the Nuclear Bot using different names on different cybercrime forums.
In order to gain credibility and notoriety in the cyber crime community the author of the malware decided on releasing the Trojan’s source code.
The release of malicious code online represents an important milestone in the malware life cycle because give the opportunity to oder malware developers and crime organizations to customize and distribute their own version of the malware.
The NukeBot Trojan appears as a powerful tool written from scratch and that was able in early stage attacks to avoid detection of antivirus solutions.
“We know from previous incidents, such as the Zeus, Gozi and Carberp leaks, that publicly available source code makes for more malware. This is often incorporated into existing projects. X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims.” continues IBM.
“At this time, NukeBot has not been detected in real-world attacks and does not have defined target lists.”
Security experts expect a growing number of players in cybercrime underground will start to offer the NukeBot Trojan through the consolidated model of sale known as malware-as-a-service.

Popular posts from this blog

Facebook has fixed a serious security bug

Facebook has fixed a serious security bug that could have been exploited by hackers to delete any video shared by anyone on their wall. A new bug was discovered in the Facebook platform by the security researcher Dan Melamed, the flaw could be exploited to delete any video shared by anyone on their wall. Dan Melamed explained that a similar issue was discovered in June 2016 by the Indian security researcher Pranav Hivarekar who demonstrated that was able to delete any video by exploiting a security issue that exits  in the recently introduced video comment feature. The new but discovered by Melamed allowed him to delete any video on Facebook shared by anyone without having any permission or authentication. The expert also discovered that was possible to disable commenting on the video of your choice. “Back in June of last  year  I discovered a critical vulnerability that allows me to remotely delete any video on Facebook. In addition, I ...