August 1, 2018 By David Bisson 2 min read

An unknown actor leaked the source code for the Android malware Exobot online, leading to fears of new attack campaigns.

In June 2018, the unknown individual sent a copy of Exobot’s source code to Bleeping Computer, which subsequently shared it with security companies ESET and ThreatFabric. The companies confirmed that the code was for version 2.5 of Exobot, an Android banking Trojan that is based on the Marcher Android malware, according to IBM X-Force researchers.

The source code for Exobot first appeared online in May 2018 after someone who purchased it from the author decided to share it with the malware community.

Why the Source Code Leak Could Foreshadow a Massive Attack

Bleeping Computer researchers observed Exobot’s source code being distributed on “quite a few” underground web marketplaces after receiving its copy. This fact is concerning because previous malware source code leaks have led to surges of new attack campaigns.

For instance, Level 3 Threat Research Labs identified 213,000 Mirai-enslaved bots via communication with the command-and-control server before the release of the malware’s source code. After this event, the team discovered that the number of Mirai bots more than doubled, increasing to 493,000.

This incident occurred just before Mirai staged its infamous distributed denial-of-service (DDoS) attack against Dyn’s managed Domain Name System (DNS) infrastructure in late 2016.

How to Protect Mobile Devices From Android Malware

To protect their organizations against the repercussions from malware source code leaks, IBM experts recommend adopting a broad approach to mobile threat prevention. This strategy requires investing in a unified endpoint management (UEM) solution to scan devices for potential threats and setting up network protocols to help remediate a malware infection.

These features should also include real-time compliance rules and alerts to help automate the process of malware remediation and removal on mobile devices.

Sources: Bleeping Computer, NetFormation

More from

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today