Virus Bulletin 2019: Geost Android Botnet Goes After Millions of Euros

OXYGEN THIEF

Bardzo aktywny
Członek Załogi
Administrator
Dołączył
26 Maj 2010
Posty
35578
Reakcje/Polubienia
24602
Miasto
Trololololo
A powerful Android botnet dubbed Geost has been spotted targeting Russian citizens, with the end goal of distributing a banking trojan to victims.

The botnet has infected more than 800,000 Android devices, controlling several million Euros held in five banks, according to researchers from Czech Technical University, UNCUYO University and Avast that discovered the botnet.
“A rare chain of OpSec mistakes lead to the discovery of a new Android banking botnet,” according to the research,
Zaloguj lub Zarejestruj się aby zobaczyć!
in London on Wednesday. “The unusual discovery was made when the botmasters decided to trust a malicious proxy network built by a malware called HtBot. The HtBot malware provides a proxy service that can be rented to give users a pseudo-anonymous communication to the internet. [...]"
Adding insult to injury, Geost’s botmasters also failed to encrypt their communications, giving researchers a direct view into the adversaries’ internal workings.
Propagation and Reach
The Geost botnet consists of infected Android phones, which are victimized by the botnet via malicious, fake applications. These include fake banking apps and fake social networks. Once infected the phones connect to the botnet and are remotely controlled.

Zaloguj lub Zarejestruj się aby zobaczyć!
 
Do góry