A dangerous mobile banking trojan that can infect even the most modern versions of Android has reportedly had its source code leaked online — a development that could spur on attacks from myriad actors who benefit from this windfall.
Bleeping Computer, whose staff last month received a copy of the code from an anonymous source, said in a report yesterday that researchers from ESET and ThreatFabric confirmed that the malware is version 2.5 of Exobot — also known as the “Trump Edition.”
According to the report, ThreatFabric security researcher and spokesperson Cengiz Han Sahin warned that Exobot is highly advanced in that it requires no interactions with its victims to fully execute. “All threat actors have been working on timing injects (overlay attacks) to work on Android 7, 8, and even 9,” said Sahin. “However Exobot really is something new… The trojan gets the package name of the foreground app without requiring any additional permissions.”
Exobot was first detected at the end of 2016, BleepingComputer has noted, and its code was put up for sale in January 2018. One of the buyers then proceeded to leak the purchased code in May, ThreatFabric told Bleeping Computer.