Expect a surge in new banking malware after software leak

Criminals on the prowl for online banking credentials have a new treat available

Security experts expect a spike in malware that steals banking credentials to emerge thanks to a leaked copy of a toolkit used to build such malware.

Criminals on the prowl for online banking credentials have a new treat available that could create problems for the banking sector and its customers.

According to researchers at independent security outfit MalwareMustDie, in late June a free copy of the toolkit to build KINS 2.0 — a version of the well known Zeus banking malware — was leaked online, giving criminals all they need to create new banking malware and a network used to control infected machines.

The Zeus banking trojan and variants of it, including ZeusVM, have a long history of targeting online banking accounts, typically by modifying banking websites when an infected machine visits the site.

A researcher with MalwareMustDie told CSO Australia that anyone who has access to the toolkit, including non-technical people, will be able to make new variants of ZeusVM and use it to target online banking credentials.

“They can use it to steal other people's credit card, login information and credentials and send the information to the botnet panel, which was also in the leaked package,” a MalwareMustDie spokesperson said.

The botnet panel for KINS shows the number of infected machines and their location by country.

The spokesperson added that the particular version also produces malware with a configuration file that is an image file. The image file helps the malware evade detection by antivirus software — a technique known as steganography that is popular among banking malware, .

MalwareMustDie stressed in a blogpost that the source code for KINS 2.0 itself was not released but the software that would allow others to build that version.

It’s not clear who leaked the software but the researchers noted that it came alongside the release of KINS 3.0, which is now available on an underground forum for $5,000.

So far the leaked software has had a limited impact. According to MalwareMustDie, there are currently 10 botanist using the KINS setup and six of those are live. Still, that’s six malicious sites that weren’t published last week and it suggests that criminals are looking to exploit KINS 2.0.

MalwareMustDie said it was attempting to takedown pages that lead to the leaked source code. It is also making an archive of the files available to security researchers, antivirus firms and CERTs.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags ZeusVMCERTssoftware leakKINS 2.0bankingZeus bankingMalwareMustDiemalwareCSO Australiabanking malware

More about CSOEnex TestLabTrend MicroTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts