Exobot Android Banking Trojan Source Code Leaked

Malware based on this code is dangerous even for smartphones running Android Oreo
25 July 2018

The source code for the Android banking Trojan Exobot 2.5, also known as the Trump Edition, has leaked onto the web. Malicious programs based on this code are dangerous even for smartphones running Android Oreo.

According to Bleeping Computer, in May 2018 an unknown person published the code on the Internet, and it was later distributed through hacker forums. The first version of the Trojan appeared in late 2016, and in early 2018 its developers decided to sell the source code.

ThreatFabric security researcher Cengiz Han Sahin analyzed Exobot. He claims that this Trojan does not need additional permissions to activate.

The interesting part here is that no Android permissions are required. All other Android banking trojan families are using the Accessibility or Use Stats permissions to achieve the same goal and therefore require user interaction with the victim.

Cengiz Han Sahin


In July 2018, unknown attackers introduced malicious code into two packages of the ESLint JavaScript code parser to steal user data and published it as a tool update. Before it was blocked, the Trojan was able to access 4,500 developer accounts.

New Vulnerability Found in Google+

The vulnerability made it possible to obtain private information from 52.5 million accounts
11 December 2018

Google has decided to close the social network Google+ in April 2019 rather than in August. The reason is another vulnerability in the API, which made it possible to obtain private information from 52.5 million accounts. The company plans to shut down the social network's API by mid-March 2019.

As of December 10, 2018, the following information about the bug had been published:

  • because of the bug in the API, third-party applications requesting access to profile data received permission to view information even if it was hidden by privacy settings;
  • users' names, email addresses, occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers were not compromised;
  • the company has no evidence that anyone exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018;
  • Google said it is sending notifications to all users affected by the bug.

The previous leak of Google+ user data occurred in October 2018. At that time, about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.