Stories in this blog’s Breadcrumbs series have sought to comb through clues that point to the possible location and identities of malware authors and purveyors. But from time to time those clues lead definitively back to an individual. In today’s post, we’ll look at the author of the Pincer Trojan for Android — a 32-year-old programmer at a mobile app development firm in Russia.
The source code for “Carberp” — a botnet creation kit coded by a team of at least two dozen hackers who used it to relieve banks of an estimated $250 million — has been posted online for anyone to download. The code leak offers security experts a fascinating and somewhat rare glimpse into the malcoding economy, but many also worry that its publication will spawn new hybrid strains of sophisticated banking malware.