Russia Targeting Ukrainian Military Recruits with Android, Windows Malware
Google reported a Russian cyberespionage campaign, UNC5812, targeting Ukrainian military recruits through malware on Telegram. The campaign aims to disrupt mobilization efforts and discredit the military, prompting Google to intervene.
Google has reported a Russian cyberespionage campaign aimed at Ukrainian military recruits, tracked as UNC5812. The operation uses a Telegram persona named Civil Defense, which distributes malware disguised as software for locating military recruiters. On Android devices without Google Play Protect, users unknowingly install malware such as CraxsRat and SunSpinner, which can steal sensitive information and monitor device activity. Windows users are served the Pronsis Loader, which leads to further infections including PureStealer, designed to exfiltrate browser data and cryptocurrency information. The campaign, fully operational since September 2024, uses promoted posts on Ukrainian-language Telegram channels to drive traffic to the Civil Defense website, which falsely claims to protect user anonymity. The site also hosts anti-mobilization content intended to discredit the Ukrainian military. Google has alerted Ukrainian authorities, blocked the malicious website, and added the identified malware to its Safe Browsing service. The campaign reflects ongoing efforts by pro-Russian actors to undermine Ukraine's military mobilization, particularly following the introduction of a national digital military ID system.
- Russian cyberespionage campaign targets Ukrainian military recruits.
- Malware is distributed via a Telegram channel disguised as useful software.
- Android and Windows users are both targeted with different types of malware.
- The campaign aims to discredit the Ukrainian military and disrupt mobilization efforts.
- Google has taken steps to block the malicious website and inform Ukrainian authorities.
Related
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
Russia: Citizens must turn off home surveillance because Ukrainians are coming
Russia's Ministry of Internal Affairs warns residents in Bryansk, Kursk, and Belgorod to disable surveillance systems and avoid dating apps to prevent Ukrainian intelligence gathering amid ongoing conflict and evacuations.
Russian government hackers used spyware exploits made by NSO and Intellexa
Russian hackers are exploiting vulnerabilities similar to those from NSO Group, targeting Mongolian government websites and affecting iPhone and Android users. Google urges software updates to mitigate risks.
Found: Android apps that use OCR to steal cryptocurrency credentials
Researchers found over 280 malicious Android apps using OCR technology to steal cryptocurrency wallet credentials. These apps disguise themselves as legitimate services and are spreading from South Korea to the UK.
11M devices infected with botnet malware hosted in Google Play
Researchers found 11 million devices infected with Necro malware from two Google Play apps, Wuta Camera and Max Browser, which used a malicious SDK. Users are advised to check for infection signs.