Malware disguised as security tool targets Ukraine's IT Army
A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.
Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.
As is common with malware distributors, threat actors are taking advantage of the IT Army by promoting a fake DDoS tool on Telegram that installs a password- and information-stealing trojan.
In a new report by Cisco Talos, researchers warn that threat actors are mimicking a DDoS tool called the "Liberator", which is a website bomber for use against Russian propaganda outlets.
The Telegram posts claim that the tool fetches a list of Russian targets to attack from a server, so the user doesn't need to do much other than execute it on their machine.
The malware that's dropped on the victims' systems performs anti-debug checks before it executes and then follows a process injection step to load the Phoenix information stealer in memory.