Thanks in no small part to the perpetrators' own sloppy operational security, researchers have uncovered a large Android banking trojan scheme that may have impacted hundreds of millions of Russians.

Dubbed Geost, the malware is distributed via a malicious cybercriminal botnet operation consisting of 13 command-and-control servers and more than 140 malicious domains, according to a paper issued today by a trio of researchers based in the Czech Republic: Sebastian Garcia of Czech Technical University in Prague; Maria Jose Erquiaga of UNCUYO University; and Anna Shirokova, security researcher at Avast Software.

Delivered via fake, malicious applications, Geost compromises Android devices so that attackers can remotely interact with the web services of five specific banks in Eastern Europe, potentially allowing them to steal funds. The researchers have not yet publicly identified the five banks. The report also alludes to a sixth victim, described as a publicly traded Russian electronic payment service provider.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.