
Infections with ZeusVM Banking Malware Expected to Spike As Building Kit Is Leaked


Karamjit


Source code for control panel has also been leaked

Recently, a version of the KINS toolkit was seen distributed all over the web free of charge, allowing anyone with minimum computer skills to build a banking malware variant and spread it to victims.

Along with the builder binary, the source code for the control panel was also leaked, which enables cybercriminals to communicate with and keep count of the compromised machines in the botnet.

KINS building kit creates ZeusVM version

Security researchers at Malware Must Die say that although the builder is passed off as a toolkit for generating version 2.0.0.0 of the KINS banking Trojan, the result is actually a variant of ZeusVM.

The authors of the leaked KINS builder adapted the tool to ZeusVM technology, allowing the configuration codes to be hidden in a JPG image that behaves normally; this technique is called steganography. The generated file, researchers say, is a ZeusVM bot similar to previously analyzed samples of ZeusVM v1 and v2.

On June 26, Malware Must Die received information about the leak from security researcher Xylit0l. Following internal talks that concluded that plenty of cybercriminals already know about the leak, they decided to share the data with the security community, so that the malicious piece can be retrieved for analysis from a trusted source.

Version 3 of KINS is traded on underground forums

The reasons behind this leak are not known, but its effects are easy to predict as a large number of low-tech crooks will grab the builder and create a variant of the malware.

“Together with this warning also we would like to inform that KINS version 3 is on the black market now with the price of 5k [€4,500] according to a certain crook's affiliated forum,” Malware Must Die says in a blog post.

In two videos embedded below, the researchers demonstrate that the builder can generate fully functional banking malware and integrate the configuration code in a seemingly harmless JPG file.

As far as the control panel is concerned, the crooks leaked its source code. Malware Must Die researchers say that the panel shows the classic style of the ZeuS botnet panel, complete with database reports, the total number of infected computers and the country they are located in, as well as the number of active bots in the past 24 hours.

KINS building kit:

Embedding encrypted configuration in a JPG file

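A defender-side check for the kind of JPG carrier described in the article, as an added example that is not part of the original post or of Malware Must Die's analysis: it walks the JPEG marker structure and reports bytes that an image viewer ignores. The post does not say where in the JPG the configuration is stored, so the two locations checked (data after the end-of-image marker, oversized COM/APPn segments), the names `audit_jpeg` and `build_sample`, and the 4096-byte threshold are assumptions; the sample bytes are constructed.

```python
import struct

RST = set(range(0xD0, 0xD8))        # restart markers: no length field
IN_SCAN = {0x00, 0xFF} | RST        # bytes after 0xFF that do not end a scan

def audit_jpeg(data: bytes, max_meta: int = 4096) -> dict:
    """Walk JPEG markers; report bytes a viewer ignores (assumed hiding spots)."""
    report = {"valid": False, "trailing_bytes": 0, "large_meta": []}
    if data[:2] != b"\xff\xd8":                      # SOI missing
        return report
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:                        # marker structure broken
            return report
        marker = data[pos + 1]
        if marker == 0xFF:                           # fill byte
            pos += 1
            continue
        if marker == 0xD9:                           # EOI: the image ends here
            report["valid"] = True
            report["trailing_bytes"] = len(data) - (pos + 2)
            return report
        if marker == 0x01 or marker in RST:          # standalone markers
            pos += 2
            continue
        if pos + 4 > len(data):                      # truncated segment header
            return report
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                               # length includes its own 2 bytes
            return report
        # COM (0xFE) and APPn (0xE0-0xEF) carry metadata, not pixels
        if (marker == 0xFE or 0xE0 <= marker <= 0xEF) and length > max_meta:
            report["large_meta"].append((hex(marker), pos, length))
        pos += 2 + length
        if marker == 0xDA:                           # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    return report

def build_sample(trailer: bytes = b"", comment: bytes = b"demo") -> bytes:
    """Constructed marker skeleton (not a decodable picture) for the demo."""
    def seg(m, body):
        return bytes([0xFF, m]) + struct.pack(">H", len(body) + 2) + body
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"       # includes stuffed FF00, RST0
    return (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9)) + seg(0xFE, comment)
            + seg(0xDA, bytes(10)) + scan + b"\xff\xd9" + trailer)

if __name__ == "__main__":
    print(audit_jpeg(build_sample()))
    print(audit_jpeg(build_sample(trailer=b"A" * 300)))
```

A non-zero `trailing_bytes` or a `large_meta` entry is only a triage signal: legitimate files also carry large EXIF or ICC segments, so a hit means the file deserves closer inspection, not that it is malicious.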

