Group-IB has reliable information that the Carberp creators are developing and selling custom "Web injects" -- scripts that define how banking malware interacts with targeted websites -- for the sites of major North American banks like Wells Fargo, Citibank, JP Morgan Chase, Bank of America, TD Bank and others, Andrey Komarov, head of Group-IB's international projects department, said Monday.
The Carberp creators are selling custom versions of the malware with Web injects that target specific banks, Komarov said via email. "We have samples of Carberp Web injects for banks in the U.S. and Canada."
In addition, Carberp customers can develop their own custom Web injects if they know the API (application programming interface) and the proper Web inject structure, he said.
The Carberp authors will probably not get many customers, considering the malware's price, Komarov said. However, they will attract professional customers with experience in running money mule and cashout operations in the U.S., Canada and Australia, he said.