Carberp source code for sale, extending availability of banking trojan

Share this article:

A black market seller is offering source code of the Carberp trojan for as little as $5,000, a price tag that may get a lot of takers.

Andrey Komarov, head of international projects for Russian security firm Group-IB, spotted the source code being advertised on a Russian underground forum.

According to the seller, using the handle “madeinrm,” a sale would grant the buyer access to Carberp's source code, along with web injections, the source code for a worm known as "Gazavat," two exploits for vulnerabilities in Windows, and additional malicious features, the advertisement said.

As recently as December, the criminal group behind Carberp, which is designed to steal personal information entered into online banking platforms, was hawking a similar package at a much steeper price: $40,000 per exploit kit.

But that's apparently changed. 

The Register broke the news on Tuesday that the trojan's source code was up for grabs with a lighter price tag – a move researchers haven't seen the likes of since crooks leaked the source code for banking trojan Zeus in May 2011.

Komarov told SCMagazine.com Wednesday in an email that the Carberp group's decision to drop the price came after an individual going by “Batman,” who managed Carberp's sales and technical support, sold the source code to more than one person against the group's wishes.

With the source code in more hands than the group had anticipated, they decided to further open up the sale of the trojan. 

Etay Maor, fraud prevention solutions manager at security firm Trusteer, told SCMagazine.com on Wednesday that selling the source code could also be a way for the Carberp outfit, which has been on the radar of Russian law enforcement in recent months, to move on to new ventures before they are caught.

As ownership of the trojan changes hands, it will undoubtedly become available to a larger pool of criminals.

“They are going to make good use of that investment,” Maor said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.