Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app

Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.
The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.
In reality, the app sends a single GET request, which isn't enough to launch an effective attack, and it likely contains a Trojan that infects the Android device, according to VirusTotal.
The Google Play Store did not distribute the malicious app.
The inspiration for the Turla CyberAzov app is likely another app, thought to be created by pro-Ukrainian developers.
In addition to developing malicious apps, Russian state-backed groups are also continuing to exploit the Follina vulnerability to target Ukrainian organizations, according to Google's TAG. Specifically, Russian GRU-affiliated gangs Sandworm and APT28 are using the remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool to attack Ukrainian media organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/20/google_russia_andriod_malware/