Fraudulent network infected about 800 thousand Android phones in Russia
A large-scale hacker attack has been discovered that affected about 800 thousand smartphones in Russia. The criminals managed to gain access to several million euros in the bank accounts of Russians.
Avast specialists determined that the Russian smartphones were attacked by a banking botnet that collects information and personal data. The infections have been occurring since 2016.
It turned out that all of the infected devices were connected to the Geost botnet. As a result, the attackers were able to control the devices remotely and could send and receive SMS messages. The malicious program was disguised as various banking services and social media applications, so it was easy to download. The Trojan's main targets were five banks located in Russia and Android devices.
The Geost botnet used 13 command and control servers to launch hundreds of malicious domains. It was exposed because of a mistake made by the scammers: they used a proxy network created by the HtBot malware, in which information was not encrypted. This allowed the experts to find the criminals' personal correspondence, which mentioned money laundering.
According to Avast employee Anna Shirokova, the company managed to gain access to the cybercriminals' correspondence and to the malware. “We got a really unprecedented idea of how such groups work,” Shirokova said. In total, the experts studied eight months of correspondence, in which 29 of the attackers took part.
The exact amount stolen has not been disclosed. Avast also did not specify who exactly was involved in creating the botnet.
According to researchers, the Geost botnet could control several billion rubles in the accounts of victims.
Earlier, E Hacking News reported that the international company Group-IB had recorded a new Android Trojan campaign whose victims are customers of 70 banks, payment systems and web-wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000). According to the company, the Trojan is aimed, in particular, at users who place purchase and sale advertisements on Avito, a Russian classified advertisements website.