iBanking – a Botnet on Android 1
iBanking – a Botnet on Android
Stephen Doherty
Senior Threat Intelligence Analyst
iBanking - Agenda
1. iBanking – what is it?
2. The Evolution of iBanking
3. There’s no Honour among Thieves
iBanking
What is it?
What does the end user see?
The Many Faces of iBanking
Polish Fake AV Scanner
The Capabilities of iBanking?
Features of iBanking
Steal Device Information
Intercept SMS
Intercept Phone Calls
Forward/Redirect Calls
Steal Address Book
Record Audio on Microphone
Send SMS
Get geo-location
List files on file system
List running applications
Prevent uninstallation
Factory Reset
Controllable over SMS/HTTP
iBanking Control Panel
• Control Multiple iBanking botnet from a single UI
iBanking Control Panel
• Simple dropdown to Issue commands
iBanking Control Panel
Majority of control numbers in Russia
How do I get infected with iBanking?
Getting infected with iBanking
Getting infected with iBanking
But that’s not all!
• My PC is secure
• I wouldn’t fall for this type of social engineering scam
Chance Lodging
software in Google Play
- GFF
The Evolution of iBanking
How has it evolved?
iBanking – pre-sale version in the wild (August 2013)
• Earliest iBanking variant discovered
• Simple call redirector/SMS sniffer
• Control Server Registrant Email
– ctouma2@googlemail.com
Russian private forum (September 17th, 2013)
iBanking source code leaked (February 2nd, 2014)
iBanking source code leaked (February 2nd, 2014)
Android 0-day exploit in work (March 6th, 2014)
“Work! In the near future is expected to announce in my
workshop! 0-day vulnerability in android! :-)”
There is no honour among thieves
A hacker's quest to recover 65k stolen bitcoins
ReVOLVeR
https://twitter.com/rev_priv8
The Priv8 Team
Wanna sign up?
Hey I lost 65k BTC, can you help me?
• Phones are secure right?
– Store your Bitcoin wallet/credentials on the phone
• ReVOLVeR gets busy reversing!
– Command & Control
• myredskins.net
iBanking Control Panel – Admin login
• Authentication required!
http://[IBANKING_DOMAIN]/iBanking/sendFile.php
There be treasure?
ReVOLVer – Hacking the BBC
BBC confirms Hacking incident
ReVOLVer – Reselling iBanking
January 6th, 2014
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Stephen Doherty,
Senior Threat Intelligence Analyst,
Attack Investigations Team,

