Locked GM Bot Android Malware Full Source

[Diabl0]

About:

The recent version of GM Bot (dubbed MazarBOT) has the capability to display phishing pages on the top of mobile banking applications in an effort to trick Android users into handing over their financial credentials to the fraudsters.

 

Besides this, the banking trojan is also capable of forwarding phone calls and intercepting SMS messages to help fraudsters bypass an additional layer of bank security mechanisms, and locking a device’s screen.

 

Malware Features Include:

 

> Spy on victims

> Delete data from the infected device

> Gain boot persistence to help survive device restart

> Send and Read your SMS message

> Make Calls to your contacts

> Read the phone's state

> Plague phone's control keys

> Infect your Chrome browser

> Change phone settings

> Force the phone into sleep mode

> Query the network status

> Access the Internet

> Wipe your device's storage (the most critical capabilities of the malware)

 

However, someone leaked the malware source code only to boost his/her reputation on an underground forum.

 

Image:

 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

More Info:

Recently, we obtained a sample of a new Android banking trojan, named GMBot, which tries to be self-contained (i.e. does not need Windows counterpart) and uses application overlay as a poor man’s webinjects substitute. This malware uses known and common techniques, but implements them in a way similar to the webinject-based malware known from Windows OS. This bot’s old source code, written in Java, was also available on a Google-indexed Russian file sharing website. While we want to stress out that GMBot does not do Android webinjects, it is hard not to draw a parallel between webinjects infrastructure and what GMbot does. Is this a glimpse in the future of mobile banking trojans?

 

Source Code:

[HIDE-THANKS]

Link:

This is the hidden content, please

• Sign In
• or
• Sign Up

[/HIDE-THANKS]

Enjoy!