Build-your-own banking trojan, ransomware on the high seas, and SIM card chaos

Get your weekly security news roundup from Avast. Source code to banking trojan Exobot leaked online, ransomware hits shipping giant Cosco, and SIM hijacking claims victims.

Source code to Exobot banking trojan leaked

“This has happened in the past, and it poses a risk as we saw in the case of the infamous Mirai botnet,” says Avast Security Evangelist Luis Corrons, speaking to the news that the source code to a potent banking trojan known as Exobot has been released into the wild of the dark web for anyone who cares to use it for their own ill will. The publicly shared Mirai source code gave malware architects the blueprints to a powerful botnet, upon which they expanded. “Many malware writers used it to create their own customized version of the bot. We can expect the same here,” adds Luis.

The Exobot banking trojan is the most advanced yet discovered as it can infect the latest Android operating systems, making it more powerful than last year’s BankBot, which wreaked havoc on thousands of users in a very sophisticated campaign. Exobot requires less user interaction than previous banking trojans, making it the sneakiest yet. Banking trojans aim to capture all your payment information through keylogging or phony overlays, but they can be detected and blocked by a robust antivirus.

Ransomware hits Chinese shipping giant

The China Ocean Shipping Company (COSCO) hit some rough water on Tuesday this week when a ransomware attack locked up telecommunications such as email and phone lines throughout its US operations. The American version of its website is offline, and it has issued an official statement reassuring customers that while they work through internal communications issues, “main business operation systems are performing stably.”

Noting that there are indeed certain cybercriminal gangs who specialize in attacking conglomerates with ransomware, Luis points out the longer setup required. “Unlike regular ransomware attacks where one computer is targeted and that is all, these attacks start with a single computer but then move laterally through the network, accessing as many computers as they can. Once they are done, they deploy the ransomware on all of the computers. By doing it this way, the amount of information compromised is massive, and the ransom they ask for is much bigger.”

SIM hijackers cause chaos with phone numbers

A new dirty trick growing in infamy has scammers calling your mobile carrier, pretending to be you, and convincing them to transfer your phone number to another SIM card. Before you know it, you no longer have service on your phone and someone else is digging into all your accounts. This is called SIM hijacking, and it is traumatizing victims at a growing rate. Look for more information and updates from Avast on this emerging topic in the near future.



Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.
