GM Bot

GM Bot is a banking trojan that typically targets Android mobile devices. It was observed for sale on underground hacker forums for $5,000 in October 2014. Other malicious developers purchased the trojan and created their own variants, and GM Bot quickly established itself as one of the most sophisticated Android malware threats. One of the hackers who was renting the trojan eventually leaked the source code, leading the original author to develop and release GM Bot v2 in early 2016, charging $15,000 for the malware and exploits with a monthly fee of $2,000. The developer claims they will add new features to the trojan, including plans to work through Tor connections.

Reporting

  • February 2016: IBM's X-Force Research team detailed the progression of GM Bot and identified similarities with other Android banking malware, such as SlemBunk, Bankosy, Mazar BOT, and AceCard.
  • March 2016: FireEye followed up on IBM's earlier intelligence report, confirming that the similarities between GM Bot and the SlemBunk mobile trojan indicate that the two share a common origin, along with several other prominent mobile malware variants, including SimpleLocker, the first known file-encrypting ransomware for Android.

Technical Details

  • FireEye provides a technical analysis of GM Bot v2.

One example of the GM Bot trojan.