Fraudsters are shopping around malware that's been repurposed to carry out financial fraud and provide root access to infected machines.
Crooks began selling Beta Bot in January on underground online forums and reached the radar of RSA researchers after some 20 victims were infected.
RSA fraud researcher Limor Kessem said Beta Bot's creator was likely a skilled programmer who could be new to malware development, particularly in coding financial trojans.
Beta Bot was redeveloped from existing malware over 18 months prior to its launch so that it could be used for financial fraud, Kassem said.
Once an HTTP bot capable of carrying out automated tasks from a command-and-control server, Beta Bot now was packaged with a rootkit which blacklisted compromised machines from visiting security websites and offers a “kill switch” to disable competing malware on the machine.
Beta Bot stole data including bank login credentials by capturing victim's HTTP requests – but the developer likely aimed to add newer banking trojan features, like man-in-the-browser capabilities that offer attackers a more automated way to pilfer information.
The trojan was being sold from anywhere between $320 to $500 on the black market.