Avast researchers have discovered a banking virus that has infected more than 800 thousand Android devices of Russian users. According to preliminary data, attackers could control millions of rubles in the bank accounts of Russians.
The virus called Geost has been operating since 2016 and represents a complex infrastructure of infected smartphones. Attackers edit the application code from Google Play, and then upload to third-party stores for the Android OS. It was controlled by a botnet.
Fraudsters gain access to SMS messages, communication with banks and the ability to redirect smartphone traffic to different sites.
Geost was discovered due to an error by cybercriminals. They used a proxy network, the information in which was not encrypted, and the researchers gained access to their correspondence.
They discussed methods of money laundering and payments through popular systems among Russian-speaking cybercriminals.
“We got a truly unprecedented view of how such groups work. We managed to see not only malware samples, but also understand how hackers work with lower-level spyware that connect devices to the botnet, ” said Avast researcher Anna Shirokova.
Analysts believe that the main targets of the virus are five large banks operating in Russia. Their names were not disclosed.
Recall, recently, Juniper Threat Labs experts discovered a virus that steals personal user data and replaces cryptocurrency wallets with their own.
In the summer, C3N employees neutralized a botnet miner that attacked over 850,000 computers in more than 100 countries.
Subscribe to BlockchainJournal news on Facebook !
BlockchainJournal.news
BlockchainJournal.news
