Security News > 2022 > July > Google: Kremlin-backed goons spread Andriod malware disguised as pro-Ukraine app
Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.
The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.
In reality, the app sends a single GET request, which isn't enough to launch an effective attack, and it likely contains a Trojan that infects the Android device, according to VirusTotal.
The Google Play Store did not distribute the malicious app.
The inspiration for the Turla CyberAzov app is likely another app, thought to be created by pro-Ukrainian developers.
In addition to developing malicious apps, Russian state-backed groups are also continuing to exploit the Follina vulnerability to target Ukrainian organizations, according to Google's TAG. Specifically, Russian GRU-affiliated gangs Sandworm and APT28 are using the remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool to attack Ukrainian media organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/20/google_russia_andriod_malware/
Related news
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Google's new AI search results promotes sites pushing malware, scams (source)
- OfflRouter Malware Evades Detection in Ukraine for Almost a Decade (source)
- Google ad impersonates Whales Market to push wallet drainer malware (source)