The source code for a powerful Android malware program that steals online banking credentials has been leaked. IBM researchers say the malware family is known by several names, including GM Bot, Slempo, Bankosy, Acecard and MazarBot. GM Bot exploits an issue known as activity hijacking in older Android devices that allow an overlay to be displayed over a legitimate app. The user then inputs their authentication credentials, which are sent to the attackers. The malware family has been sold on underground hacking forums for around US$500.”]