Recently leaked malware source code isn’t Carbanak

July 12, 2018

Previous statements claimed that the recently leaked source code was Carbanak. Kaspersky Lab analysis, however, reveals that the code belongs to another piece of financial malware called Karamanak/Pegasus/Ratopak (not to be confused with the Pegasus spyware for iOS). Timestamps suggest that this source code was produced in 2015–2016. The malware authors were definitely native Russian speakers, and they were targeting financial institutions in Russia.

Any financial malware attack, and particularly any attack against well-protected organizations, is a sophisticated operation that requires a lot of preparation and incorporates two key steps: infection and money withdrawal. Although a source code leak could help criminals with the first step, the second step requires a lot of planning and effort. Therefore, it is unlikely that we will hear about new cyberincidents based on this leak very soon.

Such leaks are a big deal in the long run. History teaches us that the leak of this source code is highly likely to have a devastating effect, leading different cybercriminals to develop new malware modifications. That is what happened after the Zeus source code leak in 2011, so in the long term we can expect the appearance of new financial malware strains and groups of criminals involved in financial cybercrime.