Geost Botnet

Geost Botnet Description

The Geost Botnet is a network of infected Android devices that specializes in distributing banking Trojans. Unusually, the Geost Botnet targets the finances of its members, instead of attacking third parties, and equally oddly, prefers the customers of Russian banking services. Android phone users can have compatible anti-malware protection remove the Geost Botnet, and should contact their bank for other steps to take afterward immediately.

Insecurity for Criminals Becomes Forewarning for Their Victims

A particularly enterprising team of criminals is collecting funds from hundreds of thousands of Russian banking customers. While their boldness for targeting Russian finance is notable, considering that nation's unique relationship with cyber-criminals, it doesn't correspond to conservative operational behavior. Poor choices on the part of this threat actor have given the world a close look at the previously-invisible Geost Botnet.

The Geost Botnet is unusual in several ways, albeit not its motivation of making money via theft. It targets Android smartphones, compromising them through fake applications for social messaging or financial Web services. Then, it recruits the devices into its botnet – although its technique of doing so is a part of its downfall.

The Geost Botnet uses a proxy service based on Htbot, which is insecure sufficiently that it gave security researchers a lead into the Trojan's C&C infrastructure. Criminal communications without encryption provided even more information, including such crucial pieces as their AV avoidance techniques, and such personal ones as the relationships between Black Hats as individual actors.

Despite all quirks, the Geost Botnet still is devoted to making money, by the straightforward method of dropping a banking Trojan that compromises the browser and related applications for accessing bank accounts.

What the Geost Botnet's Victims Lose Besides Their Money

The Geost Botnet's threat actors are interested in exploiting SMS messaging capabilities, hijacking users' browsers and forging bank communications. All of these are possible tactics for collecting passwords and other security information. Not-so-coincidentally, the Geost Botnet's criminal team also accesses a vast and invasive quantity of the user's information.

The Geost Botnet's capabilities could apply just as well to many banking organizations. However, malware experts are verifying the lack of any non-Russian ones in its current campaign. The ones whose customers are under attack are well-financed and large, which indicates that a lack of technical expertise or funding isn't the reason for this overall strategic decision.

Android users with a possible infection should assume that all SMS content, among other information, is in criminal hands. Anti-malware solutions that are suited to that OS, hopefully, will delete the Geost Botnet at the 'fake application' stage.

European universities, the cyber-security industry, and Russian banking organizations are working together to put an end to the Geost Botnet. For now, however, its eight hundred thousand infected phones are potential wellsprings of profit.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Geost Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Geost Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: October 3, 2019

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.