Ukraine: fake app used to deceive supporters of Ukraine

The Google Threat Intelligence Team sheds light on tactics used against Ukrainians in the conflict between that country and Russia, highlighting the development of a fake app called CyberAzov. As the researchers explain in their blog, this application is presented as a tool that allows the user to launch DDoS-like attacks against Russian websites and services.

Distributed on a site in the colors of the Azov Regiment, a Ukrainian regiment involved in hostilities and often singled out in the conflict by one camp or another, the app promises to make it easier to conduct DDoS attacks on Russian government websites, and the site offers it for download to opponents of the invasion of Ukraine. The site also offers the opportunity to make donations to support the project, in particular to a cryptocurrency wallet address. At the moment, this wallet does not show any transactions.

Luckily, there are few downloads.

But appearances are deceptive: as the Google TAG team has shown, the application's actual functions are completely different. According to the researchers, the application's functionality for launching DDoS attacks is imperfect: “The application is distributed under the guise of performing denial of service (DoS) attacks against a number of Russian websites. However, ‘DoS’ consists of only one GET request to the target website, which is not enough to be effective,” the Google TAG blog post on the subject says. Worse, according to The Verge, the app contains malware that several antivirus programs detect as Trojan-type malware.

The good news, however, was that the app was distributed only on a dedicated website, a link to which circulated in several messaging systems and discussion groups. The app was therefore not offered on the official Google Play store for Android, and the researchers estimated that the number of downloads remained minimal.

According to Google TAG researchers, the authors of this app are linked to the Turla group, a cyberattack group suspected of working directly on behalf of Russian intelligence agencies. Turla has been active since 2008, and its activities are mainly focused on spying on targets within government or strategic organizations. According to Google TAG, the Turla developers took their inspiration from a genuine initiative when preparing and distributing their trap app. In March 2022, the StopWar app invited its users to participate in the conflict by bombarding Russian websites with requests in order to take them offline. “Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration on which the Turla developers based their CyberAzov fake DoS app,” write Google TAG analysts.
