An unknown actor leaked the source code for the Android malware Exobot online, leading to fears of new attack campaigns.
In June 2018, the unknown individual sent a copy of Exobot’s source code to Bleeping Computer, which subsequently shared it with security companies ESET and ThreatFabric. The companies confirmed that the code was for version 2.5 of Exobot, an Android banking Trojan that is based on the Marcher Android malware, according to IBM X-Force researchers.
The source code for Exobot first appeared online in May 2018 after someone who purchased it from the author decided to share it with the malware community.
Why the Source Code Leak Could Foreshadow a Massive Attack
Bleeping Computer researchers observed Exobot’s source code being distributed on “quite a few” underground web marketplaces after receiving its copy. This fact is concerning because previous malware source code leaks have led to surges of new attack campaigns.
For instance, Level 3 Threat Research Labs identified 213,000 Mirai-enslaved bots via communication with the command-and-control server before the release of the malware’s source code. After this event, the team discovered that the number of Mirai bots more than doubled, increasing to 493,000.
This incident occurred just before Mirai staged its infamous distributed denial-of-service (DDoS) attack against Dyn’s managed Domain Name System (DNS) infrastructure in late 2016.
How to Protect Mobile Devices From Android Malware
To protect their organizations against the repercussions from malware source code leaks, IBM experts recommend adopting a broad approach to mobile threat prevention. This strategy requires investing in a unified endpoint management (UEM) solution to scan devices for potential threats and setting up network protocols to help remediate a malware infection.
These features should also include real-time compliance rules and alerts to help automate the process of malware remediation and removal on mobile devices.
Sources: Bleeping Computer, NetFormation
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...