We recently discovered a post about a new mobile Trojan on one of the Russian underground forums. The uniqueness of this malware (if the publications prove true, of course) is that it is capable of attacking both iOS and Android systems. The magic malware’s name is iDroid bot 0.7.
The malware first appeared on the Web about a month ago, on two different underground forums. It was also mentioned in a thread on a Russian crowd-funding site that tried to raise RUB 16,000 (about $450) for further development of the malware.
Sales are conducted via a dedicated website, on which no contact details are published and the only way to contact the seller is to leave your contact details on the site. When you receive a response, you pay the sum of $800 (or 1.5 bitcoins if you prefer to count your money in virtual currency), and become the lucky owner of a malicious program that is supposed to help you become a rich person without too much effort.
So, what are iDroid’s capabilities? Obviously, the most important one is infecting both iOS (versions 7.1 and below) and Android (versions 2.2 and up). Members of the underground forums have expressed doubt about this feature, as the infection of iOS systems is very sophisticated, especially if combined with Android’s infection in the same tool. In addition, the admin panel uses the Tor browser and a proxy for connection.
The tool’s grabbing features include a keylogger, a CC grabber and an email grabber. The main profit for the operator comes from grabbing data from mobile wallets (QIWI, Yandex.Money, and WebMoney Keeper Mobile) by substituting the operation on the mobile device. Finally, it has all the “regular features” of a mobile Trojan, such as SMS sending and interception, conversation records, receiving screenshots, etc.
Another fact worth mentioning is that the author is already working on the next version of his brainchild, iDroid bot 0.8. This version will contain additional functions, such as a utility for writing Zeus-like injections into bank and payment system applications, auto injections into the applications of 56 banks, and auto delivery of the Trojan via Bluetooth (only for Android).
iDroid bot is the second bot that purports to infect iOS devices (the first was Zorenium, whose sales started in January 2014). Apple is definitely the next big target for cybercriminals, and even if the above-mentioned tools prove fictional, cybercriminals are working on this pretty hard. So as we see it, the odds of success in the short term are high.
We have recently seen the development and publishing of hack applications for smartphones on underground forums. Check the updates in our new post: HACKoDROID: An Increasing Tendency Toward Smartphone-Based Attacks