


New Android Spyware Is Targeting Russian Military Personnel On the Front Lines (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.
The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:
- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."
If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.
Awesome (Score:3)
Sounds like an excellent targeting system.
ha ha (Score:2)
/nelson
Seriously? Front line infantry are relying on pirate versions of Android apps on their phones for basic navigation/orienteering? That says a lot. None of it good.
Re:ha ha (Score:5, Insightful)
Here's an idea, let's all use Telegram to plan our next
So a Russian soldier is about as tech savvy as the people running the Pentagon?
Yeah, I agree, none of that can be good.
Re:ha ha (Score:4, Funny)
Front line infantry are relying on pirate versions of android apps on their phones for basic navigation/orienteering?
That's nothing. Russian fighter-bombers have been seen with civilian grade GPS units [globaldefensecorp.com] duct taped to their instrument panel.
Allowing advanced western technology to fall into Russian hands is unconscionable. Who let them get hold of duct tape?
do something fun like make them text an premium ra (Score:2)
do something fun like make them text a premium rate SMS service that gives all funds to the Ukraine
Re: (Score:2)
Done already in 2023 iirc.
So... Ukraine, spying on Russian soldiers? (Score:3)
Or Russia, following the old KGB playbook?