IBM X-Force Research detected a recently updated version of the GM Bot mobile banking malware that is designed to deploy on Android 6 and bypass the new security measures applied to the platform. This OS version, Marshmallow (code-named M), was officially released in October 2015. The GM Bot version we analyzed can work on all Android versions up to the Marshmallow distribution.
This new finding is notable because GM Bot’s developer was banned from the underground boards where he used to sell the malware. A competitor claimed that the original developer had stopped selling it. However, it’s now obvious that GM Bot is still alive and continuously updated to circumvent Android security. Attackers have been actively using the new version in the wild.