KINS Malware Builder Leaked on numerous crime forums
Researchers at MalwareMustDie group have discovered a KINS Malware builder leaked online, it is easy to predict a rapid diffusion of the banking trojan.
Security experts at the MalwareMustDie revealed that the source code of the popularĀ KINSĀ malware was leaked online.
Early 2013, experts at RSA discovered traces the banking trojan namedĀ KINSĀ by analyzing the offer for malware in theĀ undergroundĀ communities. RSA researchers discovered an announcement on theĀ Russian black marketĀ for the new KINS Trojan toolkit.
The advertisement for the sale of the KINS malware was published on a closed Russian-speaking underground forum.
[adsense size='1']
On June 26, the experts at the MalwareMustDie discovered online a package that includes the KINS 2.0.0.0 builder, dubbed āKINS Builder,āĀ and the source code for the control panel. The package was available on the Web, a circumstance that would allow the rapid diffusion of the banking trojan. Criminal crews can create their samples of the malware and using the available codeĀ to buildĀ a customized command & control center for the KINSĀ botnet.
Researchers have pointed out that the developers of the malware builder call the tool āKINS Builder.ā The expertsĀ that analyzed the KINS builder discovered that it generates binaries of a banking malware namedĀ ZeusVM, this means that authors of KINS malware have integrated theĀ ZeusVM codeĀ into their trojan.
According to the researchers, the malware generated by the KINS builder is completely different from previous KINS detected in the wild.
Experts say this shows that KINS developers have integrated ZeusVM technology into their creation, for example the new KINS uses steganography to hide malware configuration data in a .JPG image file.
Experts at MalwareMustDie have publishedĀ technical details and source codeĀ for the leaked KINS builder.
[adsense size='1']
*Updated. The original version of the story incorrectly stated that the source code for both the builder and the control panel was made available. Only the source code for the control panel has been leaked. ā states the post fromĀ MalwareMustDie.
Currently, the MalwareMustDie research group is working with other experts, including the French Xylit0l and the Japanese unixfreaxjp,Ā to prevent KINS spreading online by removing the package from several websites.
MalwareMustDie also revealed to have discovered version 3 of the KINS malware, which is offered for sale for $5,000 in underground forums.
Experts that desire to analyze the new variant of KINS malware can contact the researchers at MalwareMustDie.
Gloss