Light Dark
October 8, 2019 By Shane Schick 2 min read

Researchers claimed a banking botnet dubbed Geost has provided attackers access to account information and other data on more than 800,000 Android users since 2016.

As outlined by a new paper released during the Virus Bulletin conference in London by a group that included Czech Technical University in Prague, Argentina’s UNCUYO University and security firm Avast, the campaign involved 13 command-and-control (C&C) servers running hundreds of domains.

A Peek Behind the Curtain of the Geost Botnet

Some basic errors in IT security exposed the banking botnet and even some of the behind-the-scenes conversations among those running it. While using a tool that facilitates private communications called HtBot, the attackers failed to encrypt their data, revealing what they were doing with the botnet, according to the researchers.

The campaign’s approach involved taking legitimate apps within the Google Play store and editing them to include malicious code before making them available on third-party sites for download. Anyone who installed the apps — which included not only banking apps but also games and social media tools — unknowingly allowed malware to monitor their text messages. Geost’s targets included the customers of at least five banks in Eastern Europe and Russia, where banking passwords are sometimes sent via SMS.

If the attackers failed to get account credentials that way, the botnet served up pop-ups within apps asking for login details directly from Android users.

Beyond the technical details behind the botnet, the chat logs from HtBot offered a rare glimpse into the interpersonal relationships among those involved in cybercriminal activity, the researchers noted. Some admitted to feeling “demotivated” despite Geost’s financial success, for example, and one even said he was “not in,” even after being goaded by his colleague to “stand together.”

How to Defend Against Banking Botnets

There is a long history of users innocently installing apps that turn out to be malware or contain malicious code. As always, policies that restrict downloads to trusted sites and app stores are an IT team’s best defense against this type of threat.

Unified endpoint management (UEM) tools provide an extra layer of protection by automating the process of both detecting and remediating any suspicious activity that comes from apps or other sources.

 |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature