One rapidly expanding malware phenomenon is the Geost Android botnet, which is reported to have grown to more than 800,000 hosts, most of them in Russia. The end goal of the botnet is to deliver an Android Trojan which can both take over the devices and recruit them as part of the worldwide operation. The hacking group behind the threat appears to target the country with its infiltration tactics.
800,000 Hosts Are Now Part of The Geost Android Botnet
One dangerous incident that has reached a large scale is the Geost Android botnet, which according to security reports has recruited 800,000 hosts running the mobile operating system. A team of researchers and security experts has revealed details on the matter. It appears that the primary method of distribution is the creation of fake applications. For this to work, the hackers can follow the typical behavior we have seen so far:
- The creation of commonly installed applications. The hackers will follow the trending apps which are often downloaded on the Google Play Store and create almost identical copies that will contain the virus installation code in the. They can be spread to the repository using fake criminal identities and the posted descriptions may also include faux user reviews.
- The criminals can also distribute the malicious copies on download portals and other special sites that can pose as legitimate home pages or download landing pages.
- Links to these files can be spread on social networks using hacked or fake user profiles.
According to the security researchers, the Geost Android botnet also includes a financial theft feature: if it detects user activity related to online banking with certain financial institutions, it will hijack the information and possibly even replace it in order to steal the funds. Other distribution tactics can be engaged at any time.
The Geost Android Botnet Shows Potent Capabilities
When the Geost infection is active on a given device, the main infiltration engine will be started. It allows the hackers to gain access to the stored user data. This includes not only the stored images and files, but also SMS messages and private communication. This can reveal the identity of the victim users and can be used for other crimes as well, including financial abuse and identity theft.
Eventually security researchers were able to gain intelligence about the command and control servers used by the Geost botnet. The discovery shows that the criminal collective holds information about 72,600 individual victims. Just one of the pages shows that the users were holding about 15,000 Euros in their accounts. When the estimated number of affected users is accounted for, this signals that the criminal controllers of the botnet may be able to access data about holders of about 240 million Euros. It also appears that the Geost Android botnet installs a Trojan proxy on the affected devices, which allows the hackers to potentially take over control of the devices, install other malware and steal files.