
posted by Fnord666 on Saturday October 05 2019, @09:34PM
from the attention-to-detail dept.

Submitted via IRC for SoyCow9088

Discovery of Geost Botnet Made Possible by Attacker OpSec Fails

A series of operational security (OpSec) failures on the part of attackers enabled researchers to discover the Geost botnet.

In mid-2018, Virus Bulletin researchers Sebastian Garcia, María José Erquiaga and Anna Shirokova discovered Geost, one of the largest Android banking botnets known today, while analyzing another malware family called HtBot. The researchers found that HtBot converted victims into unwilling proxies that received traffic from the malware’s network and then sent it to the web. While analyzing that traffic, they observed someone logging into the command-and-control (C&C) panel of what was then a previously undocumented botnet.

[...] Garcia, Erquiaga and Shirokova learned all of this and more because several OpSec failures made it possible for the researchers to access a chat log of an underground team hired by Geost’s controllers. This log provided insight into the creation of Geost, the development of new features and the use of victims’ stolen data. In so doing, the log also revealed just how spectacularly the Geost botmasters had failed to secure their creation.

As the researchers explained in a blog post:

Maintaining a good OpSec is difficult both for security analysts and attackers trying to hide. The discovery of the Geost botnet was possible because of several OpSec mistakes, including the use of the HtBot illegal proxy network, not encrypting their command-and-control servers, re-using security services, trusting other attackers with less OpSec ,and [sic] not encrypting their chat sessions.
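The researchers saw the C&C panel login only because it crossed the HtBot proxy network in cleartext. The following Python script is an added example, not code from the article, the researchers or Virus Bulletin: it shows the passive check a network defender runs over captured HTTP requests to find credentials travelling unencrypted, the same exposure the quoted list names as "not encrypting their command-and-control servers". It assumes the capture is raw HTTP/1.x request text; the sample requests, the `.invalid` host names and the credential field-name list are constructed for the example.

```python
"""Flag plaintext credential submissions in captured HTTP traffic.

Added example; not part of the SoylentNews story or the Geost research.
Anything a passive monitor can parse as an HTTP request is, by definition,
unencrypted, so every hit here is a credential exposed on the wire.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl

# Heuristic field names seen in login forms (assumption, extend per environment).
CREDENTIAL_FIELDS = {"password", "passwd", "pass", "pwd", "login", "username", "user"}
SECRET_FIELDS = {"password", "passwd", "pass", "pwd"}


@dataclass
class Finding:
    host: str
    path: str
    fields: tuple   # credential-looking field/header names, never their values
    reason: str


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def inspect_request(raw: str) -> Optional[Finding]:
    """Return a Finding if the request carries credentials in cleartext."""
    method, path, headers, body = parse_request(raw)
    host = headers.get("host", "?")
    # Case 1: HTTP Basic auth header (base64 is encoding, not encryption).
    if headers.get("authorization", "").lower().startswith("basic "):
        return Finding(host, path, ("authorization",),
                       "HTTP Basic credentials sent in cleartext")
    # Case 2: URL-encoded form post containing a secret-looking field.
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        names = {k.lower() for k, _ in parse_qsl(body, keep_blank_values=True)}
        if names & SECRET_FIELDS:
            return Finding(host, path, tuple(sorted(names & CREDENTIAL_FIELDS)),
                           "login form submitted in cleartext")
    return None


def scan(captures):
    """Run inspect_request over a list of raw requests, keeping only hits."""
    return [f for f in (inspect_request(r) for r in captures) if f]


# Constructed sample captures (not real traffic).
SAMPLE_CAPTURES = [
    # constructed: cleartext login to an admin panel
    "POST /panel/login HTTP/1.1\r\nHost: panel.example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 28\r\n\r\n"
    "login=admin&password=hunter2",
    # constructed: Basic auth to the same panel
    "GET /panel/ HTTP/1.1\r\nHost: panel.example.invalid\r\n"
    "Authorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n",
    # constructed: form post with no credential fields
    "POST /api/ping HTTP/1.1\r\nHost: example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 9\r\n\r\n"
    "id=42&t=1",
    # constructed: plain page fetch
    "GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CAPTURES):
        # Report names only; secret values are deliberately never printed.
        print(f"{f.host}{f.path}: {f.reason} (fields: {', '.join(f.fields)})")
```

The script reports field and header names but never their values, so the alert itself does not become a second copy of the leaked secret; in a real deployment the same logic would sit behind a capture library or proxy log reader rather than a hard-coded list.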


Original Submission

  • (Score: 0) by Anonymous Coward on Sunday October 06 2019, @06:05PM

    by Anonymous Coward on Sunday October 06 2019, @06:05PM (#903451)

    But there's like no detail. The first link wants to sell you something, the second is a talk's page for a conference. "We could see the screens of the C&C servers" - what does that mean?

    Anyway, no financial stuff for me on mobile devices, indeed on any platform where I can't build the OS nor browser.
