Nuclear Bot is a devastatingly effective Trojan. Although designed to target banks, there’s no reason why it couldn’t be used on any business.
It works by opening up hidden remote desktop sessions and lying in wait. Then, when an unsuspecting infected user provides login credentials to a banking website, it allows the hacker controlling the covert remote session to initiate rogue transactions.
Since valid login credentials have already been provided and recognized by the bank’s servers, it will happily process those requests, just as if they had been initiated by the legitimate owner of the account.
Unfortunately, the release of the source code means that less skilled hackers who lack the talent to code something like this for themselves now have easy access to everything they need to create surprisingly effective attacks.
We’ve seen source code releases in the past, but the overwhelming majority of the time, those are accidental. What makes the release of Nuclear Bot especially noteworthy is that the author seems to have done it intentionally, and of his own accord.
He did make some attempt to market the code to other hackers, but apparently ran afoul of the hacking community in general, breaking several unspoken rules and conventions and gaining a reputation as being something of a spammer.
While the reasons behind his decision to release the source code remain a mystery, if the past is any indication, we can expect to see a flurry of new attacks as the broader hacking community begins putting the code to use.
Even without this release, 2017 was predicted to eclipse 2016 in terms of the number of attacks. Now, that is virtually guaranteed. Catalin Cimpanu, Bleeping Computer, writes, “Despite being quite a potent banking trojan, IBM said it didn’t detect active campaigns distributing Nuclear Bot, but this is very likely to change.