Augustin Inzirillo was 18-years-old in 2016 when his banking trojan was put up for sale on underground forums for around $2,500. Now, the malware author has released the source code to refute a vendor's claim that the code doesn't bypass its security.
And his initiatives have earned him a job offer from the Unites States. Inzirillo's father, however, is cautioning his son that it's likely a trap to deliver him into the arms of the law, according to a report from security investigator Brian Krebs.
The teenager claimed his malware, Nuclear Bot (aka NukeBot), had similar capabilities as the ZeuS banking trojan – that is, it was capable of siphoning out passwords and delivering arbitrary content to visitors to banking sites. In particular, he claimed his malware package could bypass Trusteer Rapport, a security tool from IBM offered by banks to customers to help them thwart the effect of banking trojans.
IBM's refutation of Inzirillo's claim is said to have prompted the French teenager to release his source code to prove the effectiveness of his creation.
But his dad, Daniel, told Krebs his son's strategies were carried out to spite competitors who were marketing his code. “The idea was that they wouldn't be able to sell his software anymore because it was now free for grabs.”
The elder Inzirillo also expressed reservations about a job offer his son received, purportedly from a recruiter at a technology firm in the U.S. which said it was impressed with the teenager's coding acumen.
“There is a strong possibility that in one or two weeks he's going to be flying to California, and I am concerned that maybe some guy in some law enforcement agency has his sights on him,” Daniel Inzirillo told Krebs.