In partnership with the Czech Technical University and the UNCUYO University, Avast’s cybersecurity researchers have discovered a massive hacking campaign targeting Android users in Eastern Europe and Russia. The method used by hackers of the Geost group relies on spreading banking malware that operates in a similar way to malware such as Anubis.
This dangerous Android malware empties the bank account of its victims
To infiltrate the smartphones of their victims, hackers take legitimate applications from the Play Store and add a piece of malicious code to them. These tampered applications are then offered for download on alternative Android application stores. These are usually games, social network apps or popular banking applications.
Once installed on the smartphone, the malware monitors incoming SMS messages. It can remain dormant for several years until the day it spots an SMS from a bank. It then seizes the data (identifiers and password) transmitted in cleartext by the banking services. Sometimes the malware also retrieves the bank details by displaying a fake login window, into which users enter their identifiers without a second thought. This is where hackers get what they want. According to Avast, the malware is able to imitate the interface of five banks in Eastern Europe.
Since 2016, hackers from Geost have managed to steal millions of euros from the bank accounts of their victims. Avast estimates that the malware has allowed hackers to drain 800,000 accounts in three years. Fortunately, the firm recently obtained more information about Geost’s activities, uncovering the identity of two members of the group. The firm has obviously passed on this valuable information to the competent authorities. Nevertheless, Geost’s operation is still in progress.