Sebastián García, María José Erquiaga (Stratosphere IPS) and our Avast Software coworker Anna Shirokova will present their recent discovery of the Geost botnet at one of the best security conferences, Black Hat Europe in London. Their talk, Money Doesn't Stink - Cybercriminal Business Insight of A New Android Botnet, is scheduled for December 4, 11:00 a.m. The interesting part of their discovery, which will be presented there, is not only the detection of the malware itself but also the finding of a chat log of the criminal group. We know how the attackers operate, where they get the money for their operations and what challenges they face in terms of hierarchy, communication and management.
In mid-2018, we discovered one of the largest reported Android banking botnets known to date. It was discovered when we saw one of their botmasters logging into one of their C&C servers. During the analysis, we found a chat log of a cybercriminal entrepreneur group related to the Geost operation. This log exposed 28 people doing business for 8 months, discussing numerous projects and activities of the underground market and giving us a unique insight into how the business operation worked: the human relationships between the cybercriminals, daily routine tasks, motivational issues, money laundering, the decisions taken, and obstacles found. This work is unique because it shows the attackers' communications in a private group and reveals a portion of how the underground cybercriminal business operates in relation to the technical details of the malware. For them, operating a botnet was just one more job, and they showed no regrets or concerns about where the money was coming from, nor recognition that they were attacking others. At the end of the day, for them, the money didn't stink. The full abstract is on the conference website.
Black Hat is probably the most technical and relevant information security event series in the world. For more than 20 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.