
Source for CARBANAK backdoor leaked and placed on GitHub - phoe-krk
https://github.com/Aekras1a/Updated-Carbanak-Source-with-Plugins
======
phoe-krk
Details: [https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html](https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html)

~~~
lxe
Best way to learn Russian is to reverse engineer a virus.

------
ianhawes
"Leaked" in this case refers to the fact that 2 RAR archives were uploaded to
VirusTotal. Certain security researchers are bestowed access to VT raw
uploads.

~~~
tinus_hn
One would presume such access would come with NDAs and not permit these
researchers to just publish the files.

~~~
zaarn
You can probably only hide them if you get researcher access yourself.

------
hrdwdmrbl
What's the backstory?

~~~
xs
Carbanak is a piece of malware originally used to rob banks in Ukraine and
Russia by jackpotting ATMs and changing the account balances. Since then the
malware has lived on to be used to target US companies such as Chipotle, Ruby
Tuesday, Baja Fresh, casinos and so many more. This malware was held tight by
the hackers and not shared, but now you can have it too.

The podcast Darknet Diaries Ep 35 does a good job explaining it. Very
fascinating.

~~~
Nanocurrency
What is ATM jackpotting?

[https://whatis.techtarget.com/definition/ATM-jackpotting](https://whatis.techtarget.com/definition/ATM-jackpotting)

------
atemerev
...and it will be gone really soon, grab it while you can. This thing was
really dangerous; it is great that it is now available for researchers.

From a quick look at the code, it looks professional and no obvious WTFs are
there. However, it is strange that the comments in Russian are all in Cp1251,
while Visual Studio has supported UTF-8 for a long time. Perhaps it is an old
project, and the authors never bothered to convert it?

~~~
numpad0
I don't know about Russians, but Shift-JIS/cp932 is still popular in Japan as
if Windows never supported UTF-8, so perhaps something similar is happening
there.

~~~
atemerev
I am Russian; everybody uses Unicode since about 2010.

------
jc091480
You put it on one of these sites and you tip off the creator.

~~~
philpem
And security researchers around the world can poke at it and figure out how to
defend against it and derivatives.

Another day, another better mousetrap.

------
swiley
Some hashes are different? What is that about?

~~~
huntermeyer
Translated some RU sentences to EN. It's in the README.

