Carberp source code for sale, extending availability of banking trojan

Share this article:

A black market seller is offering source code of the Carberp trojan for as little as $5,000, a price tag that may get a lot of takers.

Andrey Komarov, head of international projects for Russian security firm Group-IB, spotted the source code being advertised on a Russian underground forum.

According to the seller, using the handle “madeinrm,” a sale would grant the buyer access to Carberp's source code, along with web injections, the source code for a worm known as "Gazavat," two exploits for vulnerabilities in Windows, and additional malicious features, the advertisement said.

As recently as December, the criminal group behind Carberp, which is designed to steal personal information entered into online banking platforms, was hawking a similar package at a much steeper price: $40,000 per exploit kit.

But that's apparently changed. 

The Register broke the news on Tuesday that the trojan's source code was up for grabs with a lighter price tag – a move researchers haven't seen the likes of since crooks leaked the source code for banking trojan Zeus in May 2011.

Komarov told SCMagazine.com Wednesday in an email that the Carberp group's decision to drop the price came after an individual going by “Batman,” who managed Carberp's sales and technical support, sold the source code to more than one person against the group's wishes.

With the source code in more hands than the group had anticipated, they decided to further open up the sale of the trojan. 

Etay Maor, fraud prevention solutions manager at security firm Trusteer, told SCMagazine.com on Wednesday that selling the source code could also be a way for the Carberp outfit, which has been on the radar of Russian law enforcement in recent months, to move on to new ventures before they are caught.

As ownership of the trojan changes hands, it will undoubtedly become available to a larger pool of criminals.

“They are going to make good use of that investment,” Maor said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.