Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app
Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers.
The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.
In reality, the app sends a single GET request, which isn't enough to launch an effective attack, and it likely contains a Trojan that infects the Android device, according to VirusTotal.
The Google Play Store did not distribute the malicious app.
The inspiration for the Turla CyberAzov app is likely another app, thought to be created by pro-Ukrainian developers.
In addition to developing malicious apps, Russian state-backed groups are also continuing to exploit the Follina vulnerability to target Ukrainian organizations, according to Google's TAG. Specifically, Russian GRU-affiliated gangs Sandworm and APT28 are using the remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool to attack Ukrainian media organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/20/google_russia_android_malware/