iBanking – a Botnet on Android 1
iBanking – a Botnet on Android
Stephen Doherty
Senior Threat Intelligence Analyst
iBanking - Agenda
iBanking – a Botnet on Android 2
iBanking – what is it?1
The Evolution of iBanking2
There’s no Honour am...
iBanking – a Botnet on Android 3
iBanking
What is it?
What does the end user see?
iBanking – a Botnet on Android 4
Polish Fake AV Scanner The Many Faces of iBanking
The Capabilities of iBanking?
Features of iBanking
Steal Device Information
Intercept SMS
Intercept Phone Calls
Forward/Re...
iBanking Control Panel
• Control Multiple iBanking botnet from a single UI
iBanking – a Botnet on Android 6
iBanking Control Panel
• Simple dropdown to Issue commands
iBanking – a Botnet on Android 7
iBanking Control Panel
Majority of control numbers in Russia
iBanking – a Botnet on Android 8
How do I get infected with iBanking?
iBanking – a Botnet on Android 9
Getting infected with iBanking
iBanking – a Botnet on Android 10
Getting infected with iBanking
iBanking – a Botnet on Android 11
But that’s not all!
• My PC is secure
• I wouldn’t fall for this type of social engineering scam
iBanking – A Botnet on An...
iBanking – a Botnet on Android 13
The Evolution of iBanking
How has it evolved?
iBanking – pre sale version in the wild (August 2013)
• Earliest iBanking varient discovered
• Simple call redirector/SMS ...
Russian private forum (September 17th, 2013)
iBanking – a Botnet on Android 15
iBanking source code leaked (February 2nd, 2014)
iBanking – A Botnet on Android 16
iBanking source code leaked (February 2nd, 2014)
iBanking – a Botnet on Android 17
Android 0-day exploit in work (March 6th, 2014)
iBanking – a Botnet on Android 18
“Work! In the near future is expected to...
iBanking – a Botnet on Android 19
There is no honour among thieves
A hackers quest to recover 65k stolen bitcoins
ReVOLVeR
https://twitter.com/rev_priv8
iBanking – a Botnet on Android 20
The Priv8 Team
iBanking – a Botnet on Android 21
Wanna sign up?
iBanking – a Botnet on Android 22
Hey I lost 65k BTC, can you help me?
• Phones are secure right?
– Store your Bitcoin wallet/credentials on the phone
• ReV...
iBanking Control Panel – Admin login
• Authentication required!
iBanking – A Botnet on Android 24
http://[IBANKING_DOMAIN]...
There be treasure?
iBanking – A Botnet on Android 25
ReVOLVer – Hacking the BBC
iBanking – A Botnet on Android 26
BBC confirms Hacking incident
iBanking – a Botnet on Android 27
ReVOLVer – Reselling iBanking
iBanking – a Botnet on Android 28
January 6th, 2014
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or re...
Upcoming SlideShare
Loading in...5
×

iBanking - a botnet on Android

1,084

Published on

Stephen Doherty, Symantec - iBanking is a relative newcomer to the mobile malware scene whose use was first identified in August of 2013. The Trojan targets Android devices and can be remotely controlled over SMS and HTTP. iBanking began life as a simple SMS stealer and call redirector, but has undergone significant development since then. iBanking is available for purchase on a private underground forum for between $4k - $5k, with the next release expected to include a 0-day exploit for the Android operating system. This presentation will discuss iBanking - it's capabilities and the reasons for targeting mobile devices.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,084
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
30
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

iBanking - a botnet on Android

  1. 1. iBanking – a Botnet on Android 1 iBanking – a Botnet on Android Stephen Doherty Senior Threat Intelligence Analyst
  2. 2. iBanking - Agenda iBanking – a Botnet on Android 2 iBanking – what is it?1 The Evolution of iBanking2 There’s no Honour among Thieves3
  3. 3. iBanking – a Botnet on Android 3 iBanking What is it?
  4. 4. What does the end user see? iBanking – a Botnet on Android 4 Polish Fake AV Scanner The Many Faces of iBanking
  5. 5. The Capabilities of iBanking? Features of iBanking Steal Device Information Intercept SMS Intercept Phone Calls Forward/Redirect Calls Steal Address Book Record Audio on Microphone Send SMS Get geo-location List files on file system List running applications Prevent uninstallation Factory Reset iBanking – a Botnet on Android 5 Controllable over SMS/HTTP
  6. 6. iBanking Control Panel • Control Multiple iBanking botnet from a single UI iBanking – a Botnet on Android 6
  7. 7. iBanking Control Panel • Simple dropdown to Issue commands iBanking – a Botnet on Android 7
  8. 8. iBanking Control Panel Majority of control numbers in Russia iBanking – a Botnet on Android 8
  9. 9. How do I get infected with iBanking? iBanking – a Botnet on Android 9
  10. 10. Getting infected with iBanking iBanking – a Botnet on Android 10
  11. 11. Getting infected with iBanking iBanking – a Botnet on Android 11
  12. 12. But that’s not all! • My PC is secure • I wouldn’t fall for this type of social engineering scam iBanking – A Botnet on Android 12 Chance Lodging software in Google Play - GFF
  13. 13. iBanking – a Botnet on Android 13 The Evolution of iBanking How has it evolved?
  14. 14. iBanking – pre sale version in the wild (August 2013) • Earliest iBanking varient discovered • Simple call redirector/SMS sniffer • Control Server Registrant Email – ctouma2@googlemail.com iBanking – a Botnet on Android 14
  15. 15. Russian private forum (September 17th, 2013) iBanking – a Botnet on Android 15
  16. 16. iBanking source code leaked (February 2nd, 2014) iBanking – A Botnet on Android 16
  17. 17. iBanking source code leaked (February 2nd, 2014) iBanking – a Botnet on Android 17
  18. 18. Android 0-day exploit in work (March 6th, 2014) iBanking – a Botnet on Android 18 “Work! In the near future is expected to announce in my workshop! 0-day vulnerability in android! :-)”
  19. 19. iBanking – a Botnet on Android 19 There is no honour among thieves A hackers quest to recover 65k stolen bitcoins
  20. 20. ReVOLVeR https://twitter.com/rev_priv8 iBanking – a Botnet on Android 20
  21. 21. The Priv8 Team iBanking – a Botnet on Android 21
  22. 22. Wanna sign up? iBanking – a Botnet on Android 22
  23. 23. Hey I lost 65k BTC, can you help me? • Phones are secure right? – Store your Bitcoin wallet/credentials on the phone • ReVOLVeR gets busy reversing! – Command & Control • myredskins.net iBanking – a Botnet on Android 23
  24. 24. iBanking Control Panel – Admin login • Authentication required! iBanking – A Botnet on Android 24 http://[IBANKING_DOMAIN]/iBanking/sendFile.php
  25. 25. There be treasure? iBanking – A Botnet on Android 25
  26. 26. ReVOLVer – Hacking the BBC iBanking – A Botnet on Android 26
  27. 27. BBC confirms Hacking incident iBanking – a Botnet on Android 27
  28. 28. ReVOLVer – Reselling iBanking iBanking – a Botnet on Android 28 January 6th, 2014
  29. 29. Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. iBanking – a Botnet on Android 29 Stephen Doherty, Senior Threat Intelligence Analyst, Attack Investigations Team,
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×