"Russian Hackers Target Ukrainians Via Copycat DoS App"

Researchers at Google's Threat Analysis Group (TAG) have discovered what they believe is the first recorded instance of Android malware distributed by the prolific state-sponsored Russian hacking group Turla, also known as Venomous Bear. The APT group is linked to Russia's Federal Security Service (FSB), a successor to the KGB. It is currently involved in operations targeting Ukrainian forces and pro-Ukrainian activists, many of whom have been encouraged to enlist in a volunteer "IT army" to DDoS Russian assets. To do so, some are encouraged to use apps like StopWar, an Android application designed to make it easy for Ukraine supporters to DDoS pre-selected Russian sites directly from their smartphones. The Turla group has now spoofed this app in an attempt to infect users with malware. The apps in question are hosted on a domain that spoofs the Ukrainian Azov Regiment, a far-right infantry unit currently fighting on the front line. The researchers stated that the apps were not distributed through the Google Play Store but were hosted on a domain controlled by the actor and disseminated via links on third-party messaging services. The researchers noted that the app is distributed under the guise of performing Denial of Service (DoS) attacks against a set of Russian websites. However, the 'DoS' consists only of a single GET request to the target website, which is not enough to be effective. The researchers noted that it is unclear what the final malicious payload is. The number of installs so far has been "minuscule." However, the tactic highlights the various measures and countermeasures both sides are using in a bid to win the cyber war.

 

Infosecurity reports: "Russian Hackers Target Ukrainians Via Copycat DoS App"

Submitted by Anonymous on