Russian threat actors are adding fuel to the fire by taking advantage of the ongoing conflict between Russia and Ukraine for their benefit. It has been discovered that Russian hackers have been distributing Android malware by camouflaging it as an app.
This app is disguised as a pro-Ukrainian hacktivist that is designed to launch DDoS, or denial of service, attacks against Russian sites. However, the attributed malware to these apps is Turla, as discovered by Google Threat Analysis Group, or TAG.
Turla is an advanced and persistent threat. It is also known as Krypton, Venomous Bear, Uriburos, and Waterbug. Furthermore, TAG also found it to be linked to Russia’s Federal Security Service (FSB).
TAG researchers claim that this is the first time Turla has been seen distributing Android-related malware. Furthermore, these apps were not distributed using Google Play Store. Instead, they made use of a hosted domain that the actor controlled. They also spread links to download the app through third-party messaging apps.
This app, containing the malware, was hosted on a domain disguised with the name Azov Regiment, a unit of the National Guard of Ukraine. It called on people worldwide to help fight Russian aggression by taking part in a denial of service attack on Russian-owned web servers to overwhelm their resources.
Google TAG postulates that this app drew inspiration from another Android app that stopwar[.]pro distributed through its website. The app from this website was also designed to conduct DoS attacks and continually send requests to target websites.
However, it is essential to note that the Cyber Azvoz app was only installed a minuscule number of times and therefore does not significantly impact Android users.
- 8 Private and Secure Browsers
- How to Share WiFi Passwords to Mac?
- The New Samsung Wallet Replaces Samsung Pay and Samsung Pass
- Avast vs Avira