Trojan Source Code Leak Could Lead to Explosion of New Malware

Banks can expect an explosion of new Trojan malware variants this year that could lead to fraud and theft against their online and mobile banking customers' accounts.

The source code behind a crimeware kit called Carberp has been leaked on the internet, according to the CSIS Security Group, which works with Danish banks. A crimeware kit is a programming tool that allows someone who does not have any software programming experience to create, customize and distribute malware.

The Carberp banking malware, which can steal personal information, has the ability to modify a hard drive so as not to be detected by antivirus software, according to IT blog Net-Security.Org. That trait makes it especially dangerous.

Indeed, the impact of the leak could equal that of a similar event two years ago, when Zeus source code was exposed on the net. At that time, 10 new variant strains of malicious software were created in short order, says Ken Baylor, a research vice president at information security research and advisory company NSS Labs.

"Some of them, like Ice IX, were devastating, but when we focused on them, the anti-malware community found a way of defeating them," he says. "This leak will bring at least three times as many variants, much research by talented but underfunded wannabe criminals, and much more havoc. The availability of prepaid debit cards eliminates the need for money mules, so they can 'get into the business' of crime much more easily."

He warns that banks need to be ready, especially since the same leaked files that contained the Carberp Trojan also contained another type of malware called Citadel, which is based on Zeus but much more devastating.

"Citadel has caused millions of dollars in losses, and was created from leaked Zeus source code," Baylor says. "I expect to see a major uptick in modified crimeware over the next few months."
