Google Threat Analysis Group (TAG) specialists reported that the Russian-speaking group Turla (aka Waterbug and Venomous Bear) created a fake Android application, allegedly designed to carry out DDoS attacks and target pro-Ukrainian hacktivists.
Let me remind you that we also wrote that Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies, and also that TrickBot Hack Group Systematically Attacks Ukraine.
In their report on cyber activity in Eastern Europe, experts write that this is the first Android development of Turla, and more often this hack group, which has existed since the 90s, is engaged in cyber espionage and data theft.
The application discovered by analysts was not distributed through the Google Play Store, but was hosted on the cyberazov*[.]com domain. At the same time, according to experts, the hackers took as a basis for their fake a real-life application for DDoS attacks, created by pro-Ukrainian developers.
On the mentioned site, hacktivists are encouraged to install an application that allegedly “attacks the Internet infrastructure of Russia” and join the ranks of CyberAzov, “a community of free people around the world who are fighting Russian aggression.”
Google TAG believes that this operation did not have a serious impact on Android users, since the number of installations of the malicious application is extremely small. Apparently, the application was created in order to determine who wants to use it and follow these users.