While the war in Ukraine continues, Google researchers have discovered malware from a Russian hacker group disguised as the pro-Ukrainian application Cyber Azov. This was announced by Google's Threat Analysis Group (TAG), which specializes in tracking and exposing hacker actions.
According to TAG, the Cyber Azov app, which invokes the Ukrainian Azov military unit, was actually created by Turla, a Kremlin-backed hacking group that has previously used malware to compromise European and American organizations.
According to TAG’s investigation, the application was distributed not through the Play Market, but as an APK file that can be installed directly from a site whose domain is controlled by Turla. The section “What the application does” states that “it is an easy-to-use application that initiates a DDoS attack against the Internet infrastructure of the occupiers.” However, the app is not effective for this, and analysis of the APK file on VirusTotal showed that most antivirus engines recognize it as a malicious application containing a trojan.
TAG says that the number of users who installed the application is small and the attackers did not manage to cause significant damage. This is evidenced by the fact that no transactions took place at the bitcoin address specified on the donation site.
In addition to the Android malware, TAG also spotted the use of the recently discovered Follina vulnerability in Microsoft Office, which allows hackers to take over computers with malicious Word documents. According to Google researchers, this vulnerability was used by groups linked to the Russian military to attack media outlets in Ukraine.