Geost Botnet Description
The Geost botnet is an Android banking-malware campaign aimed mainly at users in the Russian Federation: it targets the customers of five Russian banks. Researchers estimate that the botnet consists of over 800,000 infected devices.
Propagated via Over 200 Fake Applications
The operators of the Geost botnet propagate their malware through bogus applications, mostly fake social media and banking apps. These fraudulent applications are not hosted on the official Google Play Store; they are distributed through third-party Android application stores, which are popular in Russia. Researchers have identified over 200 such applications carrying the Geost malware.
Uses the HtBot Malware and Does Not Encrypt Communication with the C&C Server
The Geost botnet was operated rather quietly, and had its operators not made several operational mistakes, the botnet might have stayed under the radar of researchers for a good while longer. The operators use the HtBot malware to turn compromised hosts into proxy servers, and it was HtBot's activity that researchers noticed first; following it led them to the Geost botnet itself. Furthermore, the operators did not encrypt the traffic between the infected devices and their C&C (Command & Control) server. Once researchers had located that server, they could read the traffic directly and gather a great deal of information about the botnet's size, activity and capabilities.
Capable of Spying on Victim's Text Messages
Once the Geost malware is on a device, it can read and collect the victim's text messages. For banking malware this is the key capability: banks commonly deliver one-time codes for two-factor authentication and transaction confirmation over SMS, so an app that reads incoming messages can pass those codes to the operators. The malware also removes its traces from the device so that the victim never notices that anything is wrong.
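The capability described above leaves a recognisable footprint in an app's manifest: it asks for SMS permissions, it has network access, and it registers a receiver for incoming SMS, usually with a very high priority so it sees the message before the stock messaging app. The following added triage script (example code written for this page, not tooling from the researchers who uncovered Geost) parses decoded AndroidManifest.xml files and flags that combination. The two manifests and the package names in it are constructed for illustration; they are not Geost samples, and the thresholds are assumptions.

```python
"""Heuristic triage of decoded AndroidManifest.xml files for the capability
profile of an SMS-stealing banking trojan: SMS read/receive permissions,
network access, and a (high-priority) receiver for incoming SMS.

Added example with constructed sample manifests; not taken from Geost.
The manifest is a cheap first filter only; real triage also decompiles the
receiver to see what it does with the message.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
NET_PERM = "android.permission.INTERNET"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 999  # assumed threshold; SMS-stealers commonly use 999 or INT_MAX


def _attr(el, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def _priority(intent_filter):
    """Intent-filter priority as an int (0 when absent or unparsable)."""
    raw = _attr(intent_filter, "priority") or "0"
    try:
        return int(raw, 0)  # base 0 accepts decimal and 0x... hex
    except ValueError:
        return 0


def triage_manifest(xml_text):
    """Return the package name, the signals found and a suspicious verdict."""
    root = ET.fromstring(xml_text)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}

    sms_receivers = []  # (receiver class, intent-filter priority)
    for rcv in root.iter("receiver"):
        for filt in rcv.findall("intent-filter"):
            actions = {_attr(a, "name") for a in filt.findall("action")}
            if SMS_ACTION in actions:
                sms_receivers.append((_attr(rcv, "name"), _priority(filt)))

    signals = []
    if perms & SMS_PERMS:
        signals.append("sms_permissions")
    if NET_PERM in perms:
        signals.append("network_access")
    if sms_receivers:
        signals.append("sms_receiver")
    if any(prio >= HIGH_PRIORITY for _, prio in sms_receivers):
        signals.append("high_priority_sms_receiver")

    # Reads SMS, can exfiltrate, and hooks incoming messages: a combination a
    # "banking" or "social media" app has no legitimate reason to request.
    suspicious = {"sms_permissions", "network_access", "sms_receiver"} <= set(signals)
    return {
        "package": root.get("package"),
        "signals": signals,
        "sms_receivers": sms_receivers,
        "suspicious": suspicious,
    }


# Constructed sample: a fake "bank" app that hooks incoming SMS at max priority.
FAKE_BANK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Bank">
    <receiver android:name=".SmsGrabber" android:exported="true">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs network access.
PLAIN_APP_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>"""


if __name__ == "__main__":
    for manifest in (FAKE_BANK_MANIFEST, PLAIN_APP_MANIFEST):
        print(triage_manifest(manifest))
```

A legitimate default SMS app requests the same permissions and receiver, so the verdict is a triage signal to be read against what the app claims to be (a bank or social network client has no reason to intercept SMS), not proof of malware on its own.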
Malware researchers believe the Geost operation has been very successful and that the people behind it have likely made several million euros already. Android has by far the largest share of the mobile market, so it is no surprise that cybercriminals keep developing new threats for it. Users need to be careful when installing new software: fake applications occasionally slip even into the official Google Play Store, and third-party app stores have far weaker vetting, so installing from such sources is a gamble that is best avoided.