Nuclear Bot code is now online and anyone can use it

Mar 29, 2017 23:41 GMT

The source code for a new Trojan called Nuclear Bot has been leaked online, a development that may spark a rise in attacks against banking services.

As happens almost every time the source code for a malicious program lands online, more unskilled cybercriminals are quite likely to start launching malware attacks against users.

Nuclear Bot first landed on the dark web for sale back in December, for a mere $2,500. The malware can steal information from, and inject information into, websites opened in Firefox, Internet Explorer or Chrome, and it can also open a local proxy or a hidden remote desktop service.

These features are common among banking trojans, as attackers seek to bypass the security checks of online banking websites in order to go through with the fraud.

A complicated tale

Researchers from IBM who have been keeping an eye on Nuclear Bot for a while now say that Gosya, the creator of the trojan, broke many of the unwritten rules of the cybercriminal community over the past few months, which resulted in him losing his credibility and getting flagged as a scammer.

One of the things IBM notes is that the hacker did not provide test versions of the software to forum admins or potential buyers and even used different names when advertising his malware on different forums.

In an effort to regain the trust of fellow cybercriminals, this hacker chose to leak his own source code. In the past, the source code of other banking trojans has landed on the Internet, but more often than not as an unintentional leak.

"Publicly available source code makes for more malware. This is often incorporated into existing projects. X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims," note the IBM researchers.