August 1, 2018 By David Bisson 2 min read

An unknown actor leaked the source code for the Android malware Exobot online, leading to fears of new attack campaigns.

In June 2018, the unknown individual sent a copy of Exobot’s source code to Bleeping Computer, which subsequently shared it with security companies ESET and ThreatFabric. The companies confirmed that the code was for version 2.5 of Exobot, an Android banking Trojan that is based on the Marcher Android malware, according to IBM X-Force researchers.

The source code for Exobot first appeared online in May 2018 after someone who purchased it from the author decided to share it with the malware community.

Why the Source Code Leak Could Foreshadow a Massive Attack

Bleeping Computer researchers observed Exobot’s source code being distributed on “quite a few” underground web marketplaces after receiving its copy. This fact is concerning because previous malware source code leaks have led to surges of new attack campaigns.

For instance, Level 3 Threat Research Labs identified 213,000 Mirai-enslaved bots via communication with the command-and-control server before the release of the malware’s source code. After this event, the team discovered that the number of Mirai bots more than doubled, increasing to 493,000.

This incident occurred just before Mirai staged its infamous distributed denial-of-service (DDoS) attack against Dyn’s managed Domain Name System (DNS) infrastructure in late 2016.

How to Protect Mobile Devices From Android Malware

To protect their organizations against the repercussions from malware source code leaks, IBM experts recommend adopting a broad approach to mobile threat prevention. This strategy requires investing in a unified endpoint management (UEM) solution to scan devices for potential threats and setting up network protocols to help remediate a malware infection.

These features should also include real-time compliance rules and alerts to help automate the process of malware remediation and removal on mobile devices.

Sources: Bleeping Computer, NetFormation

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today