Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app
Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.
The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying denial-of-service attacks against a set of Russian targets, according to the phony website.
In reality, the app sends a single GET request, which isn't enough to launch an effective attack, and it likely contains a Trojan that infects the Android device, according to VirusTotal.
The Google Play Store did not distribute the malicious app.
The inspiration for the Turla CyberAzov app is likely another app, thought to be created by pro-Ukrainian developers.
In addition to developing malicious apps, Russian state-backed groups are also continuing to exploit the Follina vulnerability to target Ukrainian organizations, according to Google's TAG. Specifically, Russian GRU-affiliated gangs Sandworm and APT28 are using the remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool to attack Ukrainian media organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/20/google_russia_android_malware/