After falling victim to peer pressure, the creator of the Nuclear Bot banking Trojan decided to release its source code. Now everyone who wishes can use this program to rob people. Attacks on banking accounts may rise, so we urge you to keep your guard up.
Nuclear Bot is a classic banking Trojan. It targets the major web browsers: Google Chrome, Mozilla Firefox, and Internet Explorer. Apart from stealing data from web browsers, the Trojan can also open local proxies and hidden remote desktop services.
A successful attack occurs when the Trojan manages to bypass the security checks of the targeted banking platform.
Coder originally deemed a fraud
The creator of Nuclear Bot did not have it easy. His program was released on the dark web as a paid service in December. The renegade developer did not ask for much. He set the price at $2,500 USD.
Although the service turned out to be legitimate, the developer received backlash from the hacker community. As IBM revealed in their report on Nuclear Bot, the coder, who goes by Gosya on dark web forums, broke a number of unwritten rules.
One of the mistakes the developer made was failing to provide test versions of his software to forum administrators. His poor business practices made his peers suspicious, and they labeled him a scammer. To clear his name and gain recognition in the community, the hacker decided to leak his source code himself.
Malware source code has been leaked in the past, for the most part unintentionally. Either way, a leak gives malware developers more resources to draw on and makes their work easier.
“Publicly available source code makes for more malware. This is often incorporated into existing projects. X-Force researchers noted that NukeBot is likely to see the same process take place in the wild, especially since its code is not copied from other leaked malware, per the developer’s claims,” IBM elaborated in their report on Nuclear Bot.