Russian Hackers Target Ukrainians Via Copycat DoS App
Researchers have spotted what they believe is the first recorded instance of Android malware distributed by prolific state-sponsored Russian hacking group Turla.
Also known as Venomous Bear among many other monikers, the APT group is linked to Russia’s Federal Security Service (FSB), a successor to the KGB.
As such, it’s currently involved in operations targeting Ukrainian forces and pro-Ukrainian activists, many of whom have been encouraged to enlist in a volunteer “IT army” to DDoS Russian assets.
To do so, some are encouraged to use apps like StopWar, an Android application designed to make it easy for Ukraine supporters to DDoS pre-selected Russian sites direct from their smartphone.
It is this app, spotted by Google’s Threat Analysis Group (TAG) in March, that the Turla group has now spoofed in an attempt to infect users with malware.
The apps in question are hosted on a domain which spoofs the Ukrainian Azov Regiment, a far-right infantry unit currently fighting on the front line.
“The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services,” said Google TAG security engineer, Billy Leonard.
“The app is distributed under the guise of performing Denial of Service (DoS) attacks against a set of Russian websites. However, the ‘DoS’ consists only of a single GET request to the target website, not enough to be effective.”
It’s unclear what the final malicious payload is, and in any case Leonard explained that the number of installs so far has been “minuscule.” However, the tactic highlights the varied measures and countermeasures both sides are using in a bid to win the cyber war.
In March, security researchers warned pro-Ukrainian activists to be cautious when downloading DDoS tools from the internet as they may be booby-trapped with info-stealing Russian malware.