Russian security firm Group-IB claims that a new version of Carberp, a banking Trojan program used exclusively in Russian-speaking countries, is being sold together with custom scripts that would enable cybercriminals to target U.S. online banking customers. The information-stealing malware Carberp was discovered in 2010 and started out as a private Trojan program used by a single gang.
In early 2011, its creators made the malware's builder, the tool used to optimize the Trojan program, available for $10,000 to a limited number of customers. This paved the way for several Carberp-powered operations that attacked online banking users from Russia, Ukraine, Belarus, Kazakhstan, Moldova and other former Soviet Union states.
Between March and June of 2012, the bosses of the three biggest Carberp cybercriminal gangs were detained in Russia. Group-IB provided help to Russian law enforcement officials in the investigations. The creators of the Carberp malware, who had been silent since last year, used an underground forum last week to start advertising a new and better version of the malware, according to security researchers from RSA.
The Trojan program is offered on a monthly subscription model, with prices ranging from $2,000 to $10,000 depending on several other modules, or for a one-time fee of $40,000, which buys the builder application for a special Carberp version that includes a bootkit (boot sector rootkit) component.
The RSA researchers said Friday in a blog post that no developer in cybercrime history has ever asked such a price for a banking Trojan.
Security researchers from Russian antivirus vendor Kaspersky Lab reported on Friday that Google Play showed a number of Carberp-related Android apps designed to steal the online transaction authentication codes that banks send to customers via SMS.
Andrey Komarov, chief of Group-IB's international projects department, claimed to have reliable information that Web injects, the scripts that define how banking malware interacts with targeted websites, are being developed and sold by the Carberp creators. The report claims that this time the targets will be the sites of key North American banks, including Citigroup Inc. (NYSE:C), Wells Fargo & Company (NYSE:WFC), BofA, JPMorgan Chase & Co. (NYSE:JPM) and TD Bank.