SlideShare a Scribd company logo

iBanking - a botnet on Android

Source Conference
Source Conference

Stephen Doherty, Symantec - iBanking is a relative newcomer to the mobile malware scene whose use was first identified in August of 2013. The Trojan targets Android devices and can be remotely controlled over SMS and HTTP. iBanking began life as a simple SMS stealer and call redirector, but has undergone significant development since then. iBanking is available for purchase on a private underground forum for between $4k - $5k, with the next release expected to include a 0-day exploit for the Android operating system. This presentation will discuss iBanking - it's capabilities and the reasons for targeting mobile devices.

Technology
1 of 29
Download to read offline
iBanking – a Botnet on Android 1 iBanking – a Botnet on Android Stephen Doherty Senior Threat Intelligence Analyst
iBanking - Agenda iBanking – a Botnet on Android 2 iBanking – what is it?1 The Evolution of iBanking2 There’s no Honour among Thieves3
iBanking – a Botnet on Android 3 iBanking What is it?
What does the end user see? iBanking – a Botnet on Android 4 Polish Fake AV Scanner The Many Faces of iBanking
The Capabilities of iBanking? Features of iBanking Steal Device Information Intercept SMS Intercept Phone Calls Forward/Redirect Calls Steal Address Book Record Audio on Microphone Send SMS Get geo-location List files on file system List running applications Prevent uninstallation Factory Reset iBanking – a Botnet on Android 5 Controllable over SMS/HTTP
iBanking Control Panel • Control Multiple iBanking botnet from a single UI iBanking – a Botnet on Android 6
iBanking Control Panel • Simple dropdown to Issue commands iBanking – a Botnet on Android 7
iBanking Control Panel Majority of control numbers in Russia iBanking – a Botnet on Android 8
How do I get infected with iBanking? iBanking – a Botnet on Android 9
Getting infected with iBanking iBanking – a Botnet on Android 10
Getting infected with iBanking iBanking – a Botnet on Android 11
But that’s not all! • My PC is secure • I wouldn’t fall for this type of social engineering scam iBanking – A Botnet on Android 12 Chance Lodging software in Google Play - GFF
iBanking – a Botnet on Android 13 The Evolution of iBanking How has it evolved?
iBanking – pre sale version in the wild (August 2013) • Earliest iBanking varient discovered • Simple call redirector/SMS sniffer • Control Server Registrant Email – ctouma2@googlemail.com iBanking – a Botnet on Android 14
Russian private forum (September 17th, 2013) iBanking – a Botnet on Android 15
iBanking source code leaked (February 2nd, 2014) iBanking – A Botnet on Android 16
iBanking source code leaked (February 2nd, 2014) iBanking – a Botnet on Android 17
Android 0-day exploit in work (March 6th, 2014) iBanking – a Botnet on Android 18 “Work! In the near future is expected to announce in my workshop! 0-day vulnerability in android! :-)”
iBanking – a Botnet on Android 19 There is no honour among thieves A hackers quest to recover 65k stolen bitcoins
ReVOLVeR https://twitter.com/rev_priv8 iBanking – a Botnet on Android 20
The Priv8 Team iBanking – a Botnet on Android 21
Wanna sign up? iBanking – a Botnet on Android 22
Hey I lost 65k BTC, can you help me? • Phones are secure right? – Store your Bitcoin wallet/credentials on the phone • ReVOLVeR gets busy reversing! – Command & Control • myredskins.net iBanking – a Botnet on Android 23
iBanking Control Panel – Admin login • Authentication required! iBanking – A Botnet on Android 24 http://[IBANKING_DOMAIN]/iBanking/sendFile.php
There be treasure? iBanking – A Botnet on Android 25
ReVOLVer – Hacking the BBC iBanking – A Botnet on Android 26
BBC confirms Hacking incident iBanking – a Botnet on Android 27
ReVOLVer – Reselling iBanking iBanking – a Botnet on Android 28 January 6th, 2014
Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. iBanking – a Botnet on Android 29 Stephen Doherty, Senior Threat Intelligence Analyst, Attack Investigations Team,

Recommended

Hack
HackHack
Hack
No one Dencker
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
FIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
FIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望
FIDO Alliance
 
0164 pruebas de_performance_en_aplicaciones_win_gene_xus
0164 pruebas de_performance_en_aplicaciones_win_gene_xus0164 pruebas de_performance_en_aplicaciones_win_gene_xus
0164 pruebas de_performance_en_aplicaciones_win_gene_xusGeneXus
 
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesitaGeneXus
 
Operaciones bancarias 04
Operaciones bancarias 04Operaciones bancarias 04
Operaciones bancarias 04Videoconferencias UTPL
 

Recommended

Hack
HackHack
Hack
No one Dencker
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
FIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
FIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望
FIDO Alliance
 
0164 pruebas de_performance_en_aplicaciones_win_gene_xus
0164 pruebas de_performance_en_aplicaciones_win_gene_xus0164 pruebas de_performance_en_aplicaciones_win_gene_xus
0164 pruebas de_performance_en_aplicaciones_win_gene_xusGeneXus
 
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesita
0131 tu aplicacion_gene_xus_en_la_nube_lo_que_se_necesitaGeneXus
 
Operaciones bancarias 04
Operaciones bancarias 04Operaciones bancarias 04
Operaciones bancarias 04Videoconferencias UTPL
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetUISGCON
 
Short 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket BotnetShort 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket BotnetUISGCON
 
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan SimicState of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan SimicBojan Simic
 
State of bitcoin security
State of bitcoin securityState of bitcoin security
State of bitcoin security
Mediabistro
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
Mitesh Katira
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?
Uniphore
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
FIDO Alliance
 
Cyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could HappenCyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could Happen
Rob Stevenson
 
Bitcoin presentation
Bitcoin presentationBitcoin presentation
Bitcoin presentation
Mahendra Vishwkarma
 
Cyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraCyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit Malhotra
Vanshit Malhotra
 
Cybercrime & Cybersecurity
Cybercrime & CybersecurityCybercrime & Cybersecurity
Cybercrime & Cybersecurity
RitamaJana
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkits
Jimmy Shah
 
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshareCybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Youngjun Chang
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
IBM Government
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
AVG Technologies AU
 
RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014
EMC
 
Bitcoin Presentation.pptx
Bitcoin Presentation.pptxBitcoin Presentation.pptx
Bitcoin Presentation.pptx
AshutoshSingh502936
 
Mobile banking commoditization
Mobile banking commoditizationMobile banking commoditization
Mobile banking commoditization
jiboutin
 
Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023
QuillAudits
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
Source Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
Source Conference
 

More Related Content

Similar to iBanking - a botnet on Android

Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetUISGCON
 
Short 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket BotnetShort 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket BotnetUISGCON
 
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan SimicState of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan SimicBojan Simic
 
State of bitcoin security
State of bitcoin securityState of bitcoin security
State of bitcoin security
Mediabistro
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
Mitesh Katira
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?
Uniphore
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKeshab Nath
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
FIDO Alliance
 
Cyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could HappenCyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could Happen
Rob Stevenson
 
Bitcoin presentation
Bitcoin presentationBitcoin presentation
Bitcoin presentation
Mahendra Vishwkarma
 
Cyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraCyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit Malhotra
Vanshit Malhotra
 
Cybercrime & Cybersecurity
Cybercrime & CybersecurityCybercrime & Cybersecurity
Cybercrime & Cybersecurity
RitamaJana
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkits
Jimmy Shah
 
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshareCybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Youngjun Chang
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
IBM Government
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
AVG Technologies AU
 
RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014
EMC
 
Bitcoin Presentation.pptx
Bitcoin Presentation.pptxBitcoin Presentation.pptx
Bitcoin Presentation.pptx
AshutoshSingh502936
 
Mobile banking commoditization
Mobile banking commoditizationMobile banking commoditization
Mobile banking commoditization
jiboutin
 
Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023
QuillAudits
 

Similar to iBanking - a botnet on Android (20)

Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
 
Short 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket BotnetShort 11-00 Jart Armin - The Pocket Botnet
Short 11-00 Jart Armin - The Pocket Botnet
 
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan SimicState of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic
 
State of bitcoin security
State of bitcoin securityState of bitcoin security
State of bitcoin security
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
 
Cyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could HappenCyber Security - Whats the Worst that Could Happen
Cyber Security - Whats the Worst that Could Happen
 
Bitcoin presentation
Bitcoin presentationBitcoin presentation
Bitcoin presentation
 
Cyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraCyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit Malhotra
 
Cybercrime & Cybersecurity
Cybercrime & CybersecurityCybercrime & Cybersecurity
Cybercrime & Cybersecurity
 
Smartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkitsSmartphone Ownage: The state of mobile botnets and rootkits
Smartphone Ownage: The state of mobile botnets and rootkits
 
Cybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshareCybercrimes against the korean online banking systems 1227 eng_slideshare
Cybercrimes against the korean online banking systems 1227 eng_slideshare
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014
 
Bitcoin Presentation.pptx
Bitcoin Presentation.pptxBitcoin Presentation.pptx
Bitcoin Presentation.pptx
 
Mobile banking commoditization
Mobile banking commoditizationMobile banking commoditization
Mobile banking commoditization
 
Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023Web3 Security Outlook 2022-2023
Web3 Security Outlook 2022-2023
 

More from Source Conference

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
Source Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
Source Conference
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and Bobs
Source Conference
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
Source Conference
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
Source Conference
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
Source Conference
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
Source Conference
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
Source Conference
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
Source Conference
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
Source Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
Source Conference
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
Source Conference
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
Source Conference
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
Source Conference
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Source Conference
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?
Source Conference
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
Source Conference
 
JSF Security
JSF SecurityJSF Security
JSF Security
Source Conference
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
Source Conference
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
Source Conference
 

More from Source Conference (20)

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and Bobs
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 

Recently uploaded

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

iBanking - a botnet on Android

  • 1. iBanking – a Botnet on Android 1 iBanking – a Botnet on Android Stephen Doherty Senior Threat Intelligence Analyst
  • 2. iBanking - Agenda iBanking – a Botnet on Android 2 iBanking – what is it?1 The Evolution of iBanking2 There’s no Honour among Thieves3
  • 3. iBanking – a Botnet on Android 3 iBanking What is it?
  • 4. What does the end user see? iBanking – a Botnet on Android 4 Polish Fake AV Scanner The Many Faces of iBanking
  • 5. The Capabilities of iBanking? Features of iBanking Steal Device Information Intercept SMS Intercept Phone Calls Forward/Redirect Calls Steal Address Book Record Audio on Microphone Send SMS Get geo-location List files on file system List running applications Prevent uninstallation Factory Reset iBanking – a Botnet on Android 5 Controllable over SMS/HTTP
  • 6. iBanking Control Panel • Control Multiple iBanking botnet from a single UI iBanking – a Botnet on Android 6
  • 7. iBanking Control Panel • Simple dropdown to Issue commands iBanking – a Botnet on Android 7
  • 8. iBanking Control Panel Majority of control numbers in Russia iBanking – a Botnet on Android 8
  • 9. How do I get infected with iBanking? iBanking – a Botnet on Android 9
  • 10. Getting infected with iBanking iBanking – a Botnet on Android 10
  • 11. Getting infected with iBanking iBanking – a Botnet on Android 11
  • 12. But that’s not all! • My PC is secure • I wouldn’t fall for this type of social engineering scam iBanking – A Botnet on Android 12 Chance Lodging software in Google Play - GFF
  • 13. iBanking – a Botnet on Android 13 The Evolution of iBanking How has it evolved?
  • 14. iBanking – pre sale version in the wild (August 2013) • Earliest iBanking varient discovered • Simple call redirector/SMS sniffer • Control Server Registrant Email – ctouma2@googlemail.com iBanking – a Botnet on Android 14
  • 15. Russian private forum (September 17th, 2013) iBanking – a Botnet on Android 15
  • 16. iBanking source code leaked (February 2nd, 2014) iBanking – A Botnet on Android 16
  • 17. iBanking source code leaked (February 2nd, 2014) iBanking – a Botnet on Android 17
  • 18. Android 0-day exploit in work (March 6th, 2014) iBanking – a Botnet on Android 18 “Work! In the near future is expected to announce in my workshop! 0-day vulnerability in android! :-)”
  • 19. iBanking – a Botnet on Android 19 There is no honour among thieves A hackers quest to recover 65k stolen bitcoins
  • 21. The Priv8 Team iBanking – a Botnet on Android 21
  • 22. Wanna sign up? iBanking – a Botnet on Android 22
  • 23. Hey I lost 65k BTC, can you help me? • Phones are secure right? – Store your Bitcoin wallet/credentials on the phone • ReVOLVeR gets busy reversing! – Command & Control • myredskins.net iBanking – a Botnet on Android 23
  • 24. iBanking Control Panel – Admin login • Authentication required! iBanking – A Botnet on Android 24 http://[IBANKING_DOMAIN]/iBanking/sendFile.php
  • 25. There be treasure? iBanking – A Botnet on Android 25
  • 26. ReVOLVer – Hacking the BBC iBanking – A Botnet on Android 26
  • 27. BBC confirms Hacking incident iBanking – a Botnet on Android 27
  • 28. ReVOLVer – Reselling iBanking iBanking – a Botnet on Android 28 January 6th, 2014
  • 29. Thank you! Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. iBanking – a Botnet on Android 29 Stephen Doherty, Senior Threat Intelligence Analyst, Attack Investigations Team,