Categories: SecurityWorkspace

Carberp Malware Source Code Sells For $50k On Dark Web

One of the most well known banking Trojans, Carberp, has had its source code offered on underground forums for as much as $50,000, leading to concerns the malware will see a spike in activity.

When the Zeus malware code was released in 2011, variants proliferated and one of the most prevalent Trojans became even more troublesome.

The same could certainly happen with Carberp, which does web injects on banking sites to trick users into handing over login information when they think they are legitimately entering their username and password.

Carberp car boot sale

On an underground Russian forum, security company Trusteer found a seller going by the name of “=Sj=”, who offered the code and use of the malware to a “trustworthy member”for $50,000.

The seller also claimed his Carberp came with Master Boot Record (MBR) rootkit functionality, meaning it could give cyber crooks low level access to victims’ operating systems and avoid anti-virus software. They also said it would work on all Windows operating systems.

“Members of different forums are apparently also attempting to sell the source code at a significantly lower price,” wrote Etay Maor, senior manager at Trusteer. “One assumption that has been made is that a breach of contract by a Carberp seller caused a buyer to take revenge and sell the source code.”

There has been turmoil in the Carberp community recently, as the leader of a Carberp gang was arrested in April, along with another 20 who were alleged to have created the malware. They followed the arrest of another crook accused of running a major Carberp operation last year.

“With the current feature set this malware offers, it can easily be configured to target a wide variety of businesses as well as be used for data theft and reconnaissance,” Maor added.

“It remains to be seen if we are witnessing an attempt to dilute this malware due to internal struggles within the Carberp or buyer groups.

“Another possibility is that the source code will be acquired and enhanced to create a new malware product that will then be sold to the underground fraud community.”

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

Recent Posts

Uber Agrees To Support Minimum Wage In Australia

Uber reaches deal with federal transport union to support legislation over minimum pay for 'gig…

17 hours ago

Virtual Reality Sales Predicted To Take Off In Spite Of Economic Gloom

Market analysts see strong demand for virtual reality and augmented reality tech through 2026 in…

17 hours ago

Iran Steel Plants ‘Hit By Cyber-Attack’

Hacking group claims responsibility for reported attacks on several major Iranian steel plants, with one…

19 hours ago

US Says Private Investment Boosts EV Charger Manufacturing

US says private companies investing more than $700m to expand domestic electric vehicle charger manufacturing…

20 hours ago

Tencent Forms XR Unit In Metaverse Drive

China's most valuable company Tencent forms extended reality (XR) unit combining hardware and software as…

21 hours ago