Thursday, May 26, 2022

French Banking Trojan Creator Offered US Job, but Is It a Trap?


A French teenager and self-proclaimed author of a banking trojan called “Nuclear Bot” is being offered a job at a US-based technology company. This may seem like good news, but the teen’s father is concerned Johnny Law might be trying to lure his son into a trap.


18-year-old Augustin Inzirillo is the self-proclaimed author of the banking malware Nuclear Bot (a.k.a. NukeBot). According to malware analysts at IBM’s X-Force, NukeBot is considered to be an “HTTP bot”, meaning that it can steal login data on the fly and can apparently deploy web injections on top of Internet browsers.

NukeBot: Claims to Bypass Bank Security

In general, as banking malware, the bot functions similarly to the ZeuS banking trojan in that it can steal passwords and inject arbitrary content when victims visit banking websites. However, according to the author, it was written from scratch and was not built on any existing program.

Image: NukeBot’s web-based admin panel

Nuclear Bot first emerged in cybercrime forums when a hacker, going by the alias “Gosya”, attempted to sell the malware. This was something he apparently did with such ineptitude that he was actually banned from the fraud-themed forums for violating their policies on selling malware.

“[Gosya] didn’t have the malware tested and certified by forum admins, nor did he provide any test versions to members,” write IBM researchers Limor Kessem and Ilya Kolmanovich. He was also hassled by competing malware vendors, such as the FlokiBot vendor, who interrogated him about certain claims he made about the malware’s capabilities.

Apparently, one of these claims was that Nuclear Bot could bypass Trusteer Rapport, an IBM security product that many banks offer to their customers to help protect them against malware, particularly banking trojans.

Malware analysts at IBM’s X-Force research division responded to this claim by examining the malware’s code for themselves, as Augustin Inzirillo released the source code just months after NukeBot began showing up for sale in cybercrime forums.

IBM: Claims ‘Unfounded and Incorrect’

The researchers at IBM found that these claims were false, writing:

“These claims are unfounded and incorrect. Rapport detection and protection against the NukeBot malware are effective on all protection layers.”

However, in an interview with KrebsOnSecurity, original author Augustin Inzirillo admits he wrote the Nuclear Bot trojan as a proof-of-concept to demonstrate a method he developed that he says bypasses Rapport. Thus, of course, Inzirillo takes issue with the researchers’ findings and says that he released the code, in part, because he wanted other people to test his claims.

He also denies ever selling or marketing the malware, claiming that it was done without his permission. “I was excited about this, and having nobody to share this with, I distributed the code to ‘friends’ who tried to profit off my work,” he explained.

Additionally, Augustin’s father was also interviewed. Commenting on his son’s situation, Daniel Inzirillo — who happens to be an accomplished computer programmer himself — said his son didn’t release his code for money. Instead, Daniel claimed he did it to spite all the “cyber shitheads” because they couldn’t sell his software anymore.

It’s a Trap!

Furthermore, Daniel is concerned for his son’s future, both because of bad decisions he has made in the past and a potentially harmful one he is planning on making. He thinks the Feds or some law enforcement agency is trying to set his son up.

The reason is that an unnamed US technology company contacted him shortly after he made his code public. “[They] told him they wanted to fly him to the U.S. for a job interview as a result of him posting that online,” Daniel Inzirillo said.

“There is a strong possibility that in one or two weeks he’s going to be flying to California, and I am concerned that maybe some guy in some law enforcement agency has his sights on him.”

Now his father is trying to convince him not to act on a job offer in the United States, but Augustin is not heeding the advice — as he is leaning towards accepting it. He says that while he feels bad for releasing the code, he doesn’t think he should feel bad about getting a job because of it.

He also added that if people want to offer him something interesting as a result of releasing his code, then it wouldn’t make sense to not take advantage of that opportunity.

What do you think of the job offer? Do you think Inzirillo tried to profit off his malware? Let us know in the comments below.
