Russian hackers use fake pro-Ukraine Android apps to spread malware
Google’s Threat Analysis Group has identified Russian-backed Android malware apps that claim to launch DoS attacks on Russian sites.
Google has identified a Russian state-backed malware group known as Turla as the source behind Android apps that falsely claim to help users support Ukraine in the ongoing war.
The Turla CyberAzov apps, which refer to the Ukrainian far-right military regiment Azov, are being distributed under the guise of carrying out denial of service (DoS) attacks on numerous Russian websites. However, none of the attacks is enough to harm the websites.
A DoS attack is an attempt to make an online service unavailable by inundating it with large amounts of data from multiple sources. Typically, multiple compromised computer systems are used as the source of attack traffic, in which case the attack is known as a distributed denial of service (DDoS) attack.
Google’s Threat Analysis Group (TAG), created to protect Google users from state-sponsored cyber attacks, published a report on the Turla group’s activities in a blog post yesterday (July 19).
Billy Leonard, a security engineer at TAG, said this is the first known case of Turla spreading Android-related malware.
“The apps were not distributed through the Google Play Store, but hosted on a domain managed by the actor and distributed through links on third-party messaging services. We believe there was no major impact on Android users and the number of installs was minuscule,” he said.
While investigating the Turla CyberAzov apps, TAG identified another Android app, StopWar, which claimed to carry out DoS attacks on Russian websites. The StopWar app, distributed from a host website, was first spotted in the wild in March 2022.
StopWar was written by another developer and also downloads a list of targets from a third-party site, but unlike the Turla apps, TAG said it continuously sends requests to the target websites until stopped by the user.
“Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app on,” Leonard added.
In addition to malware disguised as Android apps, TAG also published details of the recently discovered Follina vulnerability in Microsoft Office that allows hackers to access computers using malicious Word documents.