The Geost botnet claimed around 800 thousand victims, from whose accounts its operators stole a total of several million euros. Despite the seriousness of the situation, the story has a silver lining. The credit for the discovery goes to researchers at Avast Threat Labs and at the Czech Technical University in Prague, who explained how the criminals' careless operational choices not only allowed samples of the malware, designed to infect Android devices, to be analyzed, but also made it possible to observe in detail how the group operated. Over eight months, 6,200 chat lines exchanged between 29 people involved in the operation were collected.
The Geost botnet relied on a large infrastructure of remotely controlled infected Android devices: SMS traffic was monitored, intercepted and manipulated at will, allowing the operators to communicate directly with the device owners' banks. To run all this, 13 command and control servers managed hundreds of malicious web domains, so this was by no means a trivial network. Yet the cyber-criminals failed at the simple task of encrypting their botnet traffic and their chats, and they made the mistake of trusting "third-party cyber-attackers" whose methods were even less secure, which is what exposed the group to the researchers.
The content of one particular chat is interesting: it captures the words of a now demotivated "worker", to whom a colleague replied, "Alexander, we started this thing together and now we'll finish it together, for now it's working, and we can make money". A. did not want to continue, however, and the colleague calmly wrote that he could be reached if he changed his mind. The name at the beginning of that message already hints at the nationality of the cyber-criminals, which matches that of the bank accounts affected: Russian.
If you want to go into the details of the matter, you can read the paper, which will be presented at the Virus Bulletin conference in London.