iBanking - a botnet on Android

Stephen Doherty, Symantec - iBanking is a relative newcomer to the mobile malware scene whose use was first identified in August of 2013. The Trojan targets Android devices and can be remotely controlled over SMS and HTTP. iBanking began life as a simple SMS stealer and call redirector, but has undergone significant development since then. iBanking is available for purchase on a private underground forum for between $4k - $5k, with the next release expected to include a 0-day exploit for the Android operating system. This presentation will discuss iBanking - its capabilities and the reasons for targeting mobile devices.

Published in: Technology

Transcript

  • 1. iBanking – a Botnet on Android. Stephen Doherty, Senior Threat Intelligence Analyst
  • 2. iBanking - Agenda: 1. iBanking – what is it? 2. The Evolution of iBanking 3. There’s no Honour among Thieves
  • 3. iBanking: What is it?
  • 4. What does the end user see? Polish Fake AV Scanner. The Many Faces of iBanking
  • 5. The Capabilities of iBanking? Features of iBanking: Steal Device Information; Intercept SMS; Intercept Phone Calls; Forward/Redirect Calls; Steal Address Book; Record Audio on Microphone; Send SMS; Get geo-location; List files on file system; List running applications; Prevent uninstallation; Factory Reset. Controllable over SMS/HTTP
  • 6. iBanking Control Panel • Control multiple iBanking botnets from a single UI
  • 7. iBanking Control Panel • Simple dropdown to issue commands
  • 8. iBanking Control Panel: Majority of control numbers in Russia
  • 9. How do I get infected with iBanking?
  • 10. Getting infected with iBanking
  • 11. Getting infected with iBanking
  • 12. But that’s not all! • My PC is secure • I wouldn’t fall for this type of social engineering scam. Chance Lodging software in Google Play - GFF
  • 13. The Evolution of iBanking: How has it evolved?
  • 14. iBanking – pre sale version in the wild (August 2013) • Earliest iBanking variant discovered • Simple call redirector/SMS sniffer • Control Server Registrant Email – ctouma2@googlemail.com
  • 15. Russian private forum (September 17th, 2013)
  • 16. iBanking source code leaked (February 2nd, 2014)
  • 17. iBanking source code leaked (February 2nd, 2014)
  • 18. Android 0-day exploit in work (March 6th, 2014) “Work! In the near future is expected to announce in my workshop! 0-day vulnerability in android! :-)”
  • 19. There is no honour among thieves: A hacker’s quest to recover 65k stolen bitcoins
  • 20. ReVOLVeR https://twitter.com/rev_priv8
  • 21. The Priv8 Team
  • 22. Wanna sign up?
  • 23. Hey I lost 65k BTC, can you help me? • Phones are secure right? – Store your Bitcoin wallet/credentials on the phone • ReVOLVeR gets busy reversing! – Command & Control • myredskins.net
  • 24. iBanking Control Panel – Admin login • Authentication required! http://[IBANKING_DOMAIN]/iBanking/sendFile.php
  • 25. There be treasure?
  • 26. ReVOLVeR – Hacking the BBC
  • 27. BBC confirms Hacking incident
  • 28. ReVOLVeR – Reselling iBanking. January 6th, 2014
  • 29. Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Stephen Doherty, Senior Threat Intelligence Analyst, Attack Investigations Team,