ExoBot leak – ExoBot banking Trojan source code leaked on the Internet!
The new Android banking Trojan ExoBot has been leaked on the World Wide Web for everyone to see and use! It can be used for phishing users' bank details or credit and debit card details, locking the infected device with a password, intercepting incoming and outgoing SMS messages, and deploying web injects and custom injects!
The ExoBot banking Trojan was first spotted in 2016, when its creators were advertising its sale on the dark web using Jabber/XMPP spam, hacking forums, dark web marketplaces and a dedicated website. Apparently, the source code of the ExoBot Android banking Trojan was released into the malware community to create more instances of this dangerous banking Trojan.
Before its leak, the ExoBot banking malware was rented to clients for a monthly fee. ExoBot customers never had access to its source code and were only allowed access to the configuration panels provided by the ExoBot creators. The ExoBot leak has left researchers worried that new malware strains will be developed from the ExoBot source code.
The ExoBot banking Trojan was well received in the malware community, and the developer even made an ExoBot version 2. However, the author then put it up for sale without giving any reason. Apparently, the developer might have come onto the radar of investigative agencies, or law enforcement had gotten wind of his online activities. To avoid being caught, the hacker decided to sell the source code.
The source code of such malware, once sold, is known to often leak online after a disgruntled buyer doesn’t get the required “after-sale service”. Once the source code of ExoBot leaked, which it did, it would be tweaked and remastered into many instances of new banking malware!
The ExoBot leak also happened after the malware was sold: it changed hands through resale, which led to its leak on the internet for everyone to see.
The version leaked on the internet is the last version, ExoBot 2.5 “Trump Edition”, after which the developers gave up on further updating the ExoBot banking malware.
The ExoBot banking malware is a dangerous piece of code, and its easy availability can lead to infections even on mobile devices running the latest Android versions. Unlike other banking Trojans, which require Accessibility or Usage Stats permissions and user interaction, it doesn’t require Android permissions.
Hence, researchers are anticipating a surge in new banking malware activity on Android devices in the coming months following this ExoBot leak.