Ukrainian IT Army Hijacked by Infostealing Malware

Security researchers are urging pro-Ukrainian actors to be wary of downloading DDoS tools to attack Russia, as they may be booby-trapped with info-stealing malware.
In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets.
However, Cisco Talos claimed that opportunistic cyber-criminals are looking to exploit the subsequent widespread outpouring of support for the Eastern European nation.
Specifically, it detected posts on Telegram offering DDoS tools that were actually loaded with malware. One such tool, dubbed “Liberator,” is offered by a group calling itself “disBalancer.” Although the original tool is legitimate, it has been spoofed by others, said Cisco.
“The file offered on the Telegram page ended up being malware, specifically an infostealer designed to compromise unwitting users,” it explained.
“The malware in this case dumps a variety of credentials and a large amount of cryptocurrency-related information, including wallets and metamask information, which is commonly associated with non-fungible tokens (NFTs).”
There’s no way to tell the malicious spoofs from the real DDoS tool as none are digitally signed, the vendor warned.
As those behind this malicious activity have been distributing infostealers since last November, Cisco assessed that it is the work not of new actors but of existing ones looking to make a quick buck from the war in Ukraine.
However, such tactics could escalate if Russia finds itself under sustained DDoS attack, warned Cisco.
“In this case, we found some cyber-criminals distributing an infostealer, but it could have just as easily been a more sophisticated state-sponsored actor or privateer group doing work on behalf of a nation state,” it concluded.
“We remind users to be wary of installing software whose origins are unknown, especially software that is being dropped into random chat rooms on the internet.”
The news comes after the Russian government this week revealed hackers had caused temporary outages of multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.
Security researchers have also observed pro-Ukrainian hacktivists searching for and deleting Russian cloud databases.