
AppCloud and the rise of SaaS Android trojan malware

Some weeks ago, IntelCrawler reported a large fraud campaign against major Islamic banking institutions and one from Spain.

The malicious code infected the mobile devices of banking customers, intercepted the OTP («One-Time-Password») token code and immediately sent it to the bad actors.

What makes the engine unique is its Software-as-a-Service capability to generate various kinds of mobile malware using several prepared templates for famous applications.

Last week, we found that someone was apparently selling the source code of the very application described in the above post, including the Panel and Builder, for $2000 on a forum:

Judging by the dates of the screenshots published in the forum post, it seems to be an updated version:

The picture below shows how easy it is to build a new malicious application for different banks with this software, called AppCloud:

Conclusions:

Since this is a new kind of service provided by malicious users, we will keep monitoring the evolution of Software-as-a-Service in Android trojan applications. We hope to write about it in more depth in the coming weeks.

Xavier Galian

Ecrime analyst at Blueliv
