Is a new version of Asacub offered for sale on the Russian underground?

An ad uploaded to a Russian underground black market a few days ago allegedly offers a new and improved version of the infamous banking malware Asacub. This Android malware was originally designed to steal user data and send it to a remote server, but in January 2016, cybersecurity company Kaspersky reported that it has evolved to include banking features.

What is Asacub?

Asacub has been reported to include phishing pages and web injects for various banking services, in addition to capturing SMS messages and browsing data. It also runs specified Unstructured Supplementary Service Data (USSD) requests, which allow communication with cellular operators or mobile services without the need to make calls or send SMS. The malware abuses USSD in order to redirect potential phone calls or messages from a bank regarding logins, make USSD-enabled transactions or check the victim’s balance. The attackers behind the malware basically gain full control of an infected device, allowing them to later install more malware if desired.

Since January 2016, the malware’s primary use has been for the theft of banking and credit card data.

What is new in this version?

According to the ad, uploaded by a threat-actor using the name ‘asacub’, the malware enables the user to run USSD requests, keylog, steal credit card data using fake web pages, access GPS and camera, and collect SMS and call data. The ad also claims that the new version includes malvertising capabilities for WhatsApp and several other applications.

The actor offers the malware for a monthly fee of $399 US, or a one-time payment of $4000 US for the source code.

Is the threat authentic?

Other users of the black market have expressed mistrust of the newly-registered member. No confirmation has yet been received that the malware is operating as promised. However, the actor is offering users “test-runs” on dedicated servers.

According to Kaspersky, banking malware attacks saw a 30% increase in in 2016. Without a doubt, Asacub played a role in this surge.The re-emergence of the malware on the black market, if authentic, should concern all financial institutions and their customers.

We will watch this story closely and keep you updated on any developments.

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.