Researchers spot mobile malware competition on the black market

IBM security researchers have spotted an increase in mobile malware competition on underground markets over price points, features, and overall quality.

In one instance, researchers saw competitors emerge when the author of GM Bot, one of the longest-standing overlay malware offerings on the Russian-speaking underground market, tripled the price from $5,000 to $15,000 after releasing a new version in March 2016, IBM Executive Security Advisor Limor Kessem said in an April 28 security post.

The new price point was considered expensive and created an opportunity for other vendors and developers to compete with their own malware, in the form of lower-cost alternatives and more sophisticated offerings.

Researchers spotted three alternatives, Cron Bot, KNL Bot, and Bilal Bot, actively being sold on the underground market for prices ranging from $3,000 to $6,000, all of which were marketed by their vendors as having overlay screen capabilities and data theft ability, according to the post.

Most recently, researchers spotted the emergence of the malware-as-a-service Cron Bot, which first appeared April 1, being rented out for between $4,000 and $7,000 per month. Its authors claim that it brings sophisticated malicious options similar to those of PC Trojans to the Android platform, the post said.

KNL is marketed at half the price point of GM Bot but with similar advertised features and purportedly allows remote attackers to gain control over an infected device and obtain online banking credentials and payment card data, the post said.

At around $3,000, Bilal Bot is cheaper and less advanced than GM Bot or KNL and features unlimited free bug fixes, according to the post. Researchers said the malware's authors attempted to discredit other malware with claims that its competitors are easily detectable.

Kessem said in the post that the increase in the supply of different offerings, including low-cost alternatives, “may be in response to the rising demand for fraud-facilitating wares at a time when full-fledged banking Trojans have become the domain of organized crime groups.”

She said IBM X-Force researchers expect overlay malware botnets to continue to increase in the wild due to their ability to facilitate the theft of financial credentials and other authentication and customer identification elements.

Tripwire Cybersecurity Researcher Craig Young said in comments emailed to that mobile devices are more integrated into users' daily activities than other technology and because of this are prime targets for attackers.  

“Although we may not be quite there yet, it is likely that in the near future, mobile malware will be a more lucrative business than traditional PC malware,” Young said. “Malware authors have been adapting their techniques to find a variety of monetization channels including ransomware, banking trojans and the emerging threat of ad fraud.” 
