{"id":16647,"date":"2019-10-21T10:52:17","date_gmt":"2019-10-21T18:52:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/10\/21\/news-10386\/"},"modified":"2019-10-21T10:52:17","modified_gmt":"2019-10-21T18:52:17","slug":"news-10386","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/10\/21\/news-10386\/","title":{"rendered":"VB2019 paper: Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error"},"content":{"rendered":"

OpSec mistakes are what lead to many malware discoveries, but in the case of the Geost Android<\/em> botnet the mistake was a really interesting one: its operators were using another botnet, HtBot, to manage infected devices, not realising that researchers were analysing some HtBot-infected hosts.<\/p>\n

This led researchers Sebastian Garc\u00eda, Maria Jose Erquiaga and Anna Shirokova to the discovery of Geost, a large Android<\/em> botnet mostly targeting users of online banking in Russia.<\/p>\n

\"htbot-infra.jpg\"Discovery of the Geost botnet. A monitored bot of the HtBot malware was used by the Geost botmasters. First, the Geost botmaster connected to the HtBot network; second, the HtBot network relayed the data to our bot; third, our bot sent the traffic to the Internet; fourth, the botmaster accessed the Geost C&C server on the Internet.<\/span>
Today we publish the researchers’ paper on Geost in both HTML<\/a> and PDF <\/a>format. We have also uploaded the video of Sebastian and Anna presenting at VB2019 in London to our YouTube<\/em> channel.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n