A Russian banking Trojan developer who fell afoul of underground marketing rules has released the source code for his Nuclear Bot, sparking concerns it will be used to create new malware for use in future attacks.
The developer, who uses the moniker Gosya, failed to sell the malware, also known as NukeBot, after a series of missteps that saw him distrusted by members of underground hacking forums, IBM's X-Force security researchers said.
Desperate to capitalise on months of hard work coding the malware, Gosya tried to sell NukeBot on other forums under a different name. This aroused potential buyers' suspicion, and when Gosya changed the name of NukeBot to Micro Banking Trojan, he was banned from the underground forums.
Gosya now appears to have leaked the source code for the main module of NukeBot for others to use.
The malware was analysed by Arbor Networks in December last year, and found to be functional and viable.
With the source code out in the open, IBM's researchers said they expect it to be incorporated into other malware. They base their concerns on past leaks of source code for Trojans such as Zeus, Gozi, and Carberp, which have lead to new malware being created.
While NukeBot has not been detected in the wild yet, the researchers believe it will be used in attacks against bank customers.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
