The banking Trojan CARBANAK is well known for a number of malware attacks and digital raids in recent years. Now security researchers have discovered the source code on VirusTotal and
A few days ago there was news that security researchers from FireEye had made an amazing discovery. The source code of the Carbanak backdoor was discovered on VirusTotal (see the following tweet by Catalin Cimpanu).
FireEye researchers gained access to FIN7's Carbanak backdoor source code https://t.co/VeUurCwCIB pic.twitter.com/WN8DHKLQ8J
— Catalin Cimpanu (@campuscodi) 22. April 2019
Some background information
Carbanak is one of the most comprehensive and dangerous malware families. It is also known under the names FIN7, Anunak or Cobalt. The malware is being developed by a group of cyber criminals. The group has been involved in several attacks on banks, financial institutions, hospitals and restaurants.
Source Code discovered for real
Last July there was a short-lived rumour that the source code of Carbanak had become public. But security researchers from Kaspersky Lab later confirmed that the source code found was not that of the Carbanak Trojan, as The Hacker News writes here. Now FireEye cyber security researchers have really discovered the Carbanak source code, its builder and some previously unseen plugins. These were uploaded two years ago from a Russian IP address to the VirusTotal malware scan engine in two RAR archives [1, 2].
FireEye's security researchers have now published corresponding information in the FireEye blog. Four blog posts reveal details of what they found out. For normal users this has no practical use, but for security researchers it is a gold mine. Let's see what else we can learn from it. Some summary information can also be found at The Hacker News.