Fake DDoS App Targets Pro-Ukrainian Hacktivists


Google Threat Analysis Group (TAG) specialists reported that the Russian-speaking group Turla (aka Waterbug and Venomous Bear) created a fake Android application that poses as a tool for carrying out DDoS attacks and targets pro-Ukrainian hacktivists.

Let me remind you that we also wrote that “Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies”, and also that “TrickBot Hack Group Systematically Attacks Ukraine”.

In their report on cyber activity in Eastern Europe, the experts write that this is Turla's first Android development; the hack group, which has existed since the 90s, is more often engaged in cyber espionage and data theft.

The application discovered by the analysts was not distributed through the Google Play Store, but was hosted on the cyberazov[.]com domain. According to the experts, the hackers based their fake on a real application for DDoS attacks created by pro-Ukrainian developers.

On that site, hacktivists are encouraged to install an application that allegedly “attacks the Internet infrastructure of Russia” and to join the ranks of CyberAzov, “a community of free people around the world who are fighting Russian aggression.”

“This is the first known instance of Turla distributing Android malware. The application was not distributed through the Google Play Store, but was hosted on a domain controlled by an attacker and distributed through links in third-party messengers. The application is distributed under the guise of a tool for conducting DDoS attacks against a number of Russian sites. However, the whole ‘DoS’ is to send a single GET request to the target site, which is clearly not enough for an effective attack,” TAG experts say.

Google TAG believes that this operation did not have a serious impact on Android users, since the number of installations of the malicious application is extremely small. Apparently, the application was created to identify who wants to use it and to track those users.

“Having an application under their control, they can see where it comes from, they can understand what the infrastructure looks like, and find out where the people who carry out such attacks are located,” the experts summarize.

By Vladimir Krasnogolovy
