A powerful Android botnet dubbed Geost has been spotted targeting Russian citizens, with the end goal of distributing a banking trojan to victims.
The botnet has infected more than 800,000 Android devices, controlling several million Euros held in five banks, according to researchers from Czech Technical University, UNCUYO University and Avast that discovered the botnet.
“A rare chain of OpSec mistakes led to the discovery of a new Android banking botnet,” according to the research, [...] in London on Wednesday. “The unusual discovery was made when the botmasters decided to trust a malicious proxy network built by a malware called HtBot. The HtBot malware provides a proxy service that can be rented to give users a pseudo-anonymous communication to the internet. [...]”
Adding insult to injury, Geost’s botmasters also failed to encrypt their communications, giving researchers a direct view into the adversaries’ internal workings.
Propagation and Reach
The Geost botnet consists of infected Android phones, which are victimized by the botnet via malicious, fake applications. These include fake banking apps and fake social networks. Once infected, the phones connect to the botnet and are remotely controlled.