Daily Tech News, Interviews, Reviews and Updates

Russian hackers tricked Ukrainians; presented fake “DoS Android Apps to target Russia”

Russian hackers took advantage of the ongoing conflict against Ukraine to distribute Android malware disguised as an app for pro-Ukrainian hacktivists. They tried to facilitate the launch of distributed denial-of-service (DDoS) attacks against Russian sites. 

Google Threat Analysis Group (TAG) stated Turla as the cause of the malware. Turla is an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and is linked to Russia’s Federal Security Services (FSB)

Researcher of TAG, Billy Leonard asserted that this is the first known instance of Turla distributing Android-related malware. These apps were not distributed through Google Play Store; rather it was hosted on a domain controlled by the threat actors. They were then disseminated via links to third-party messaging services. 

The onslaught of cyberattacks after the immediate aftermath of Russia’s unprovoked invasion of Ukraine prompted Ukraine to form an IT Army to stage counter-DDoS attacks against these Russian websites. It appears that the goal of the Turla operation is to use this volunteer-run effort to their own advantage. 

The decoy app was hosted on a domain that masqueraded as the Azov Regiment, a unit of the National Guard of Ukraine. It called people from around the world to fight Russia’s aggression by initiating a denial-of-service attack on the web servers belonging to Russian websites. 

Google TAG mentioned that the threat actors were inspired by another Android app distributed through a website named “stopwar[.]pro”. Even this website is designed to conduct DoS attacks by continuously sending requests to the target websites. 

Get real time updates directly on you device, subscribe now.



You might also like