Carberp source code for sale, extending availability of banking trojan


A black market seller is offering source code of the Carberp trojan for as little as $5,000, a price tag that may get a lot of takers.

Andrey Komarov, head of international projects for Russian security firm Group-IB, spotted the source code being advertised on a Russian underground forum.

According to the seller, who uses the handle “madeinrm,” a sale would grant the buyer access to Carberp's source code, along with web injections, the source code for a worm known as "Gazavat," two exploits for vulnerabilities in Windows, and additional malicious features.

As recently as December, the criminal group behind Carberp, which is designed to steal personal information entered into online banking platforms, was hawking a similar package at a much steeper price: $40,000 per exploit kit.

But that's apparently changed. 

The Register broke the news on Tuesday that the trojan's source code was up for grabs with a lighter price tag – a move researchers haven't seen the likes of since crooks leaked the source code for banking trojan Zeus in May 2011.

Komarov told SCMagazine.com Wednesday in an email that the Carberp group's decision to drop the price came after an individual going by “Batman,” who managed Carberp's sales and technical support, sold the source code to more than one person against the group's wishes.

With the source code in more hands than it had anticipated, the group decided to further open up the sale of the trojan.

Etay Maor, fraud prevention solutions manager at security firm Trusteer, told SCMagazine.com on Wednesday that selling the source code could also be a way for the Carberp outfit, which has been on the radar of Russian law enforcement in recent months, to move on to new ventures before they are caught.

As ownership of the trojan changes hands, it will undoubtedly become available to a larger pool of criminals.

“They are going to make good use of that investment,” Maor said.
