


New Android Spyware Is Targeting Russian Military Personnel On the Front Lines (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.
The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:
- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."
If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.
Awesome (Score:2)
Sounds like an excellent targeting system.
ha ha (Score:2)
/nelson
Seriously? Front line infantry are relying on pirate versions of android apps on their phones for basic navigation/orienteering? That says a lot. None of it good.
Re:ha ha (Score:5, Insightful)
Here's an idea, let's all use Telegram to plan our next
So a Russian soldier is about as tech savvy as the people running the Pentagon?
Yeah, I agree, none of that can be good.
Re: (Score:2)
Apparently these poor meatgrinder victims are free enough to buy an Android phone and a data plan. Your fable doesn't add up.
Re:ha ha (Score:4, Funny)
Front line infantry are relying on pirate versions of android apps on their phones for basic navigation/orienteering?
That's nothing. Russian fighter-bombers have been seen with civilian grade GPS units [globaldefensecorp.com] duct taped to their instrument panel.
Allowing advanced western technology to fall into Russian hands is unconscionable. Who let them get hold of duct tape?
Re: (Score:3)
"Having Putin's asset in the White House sure is making it hard for the Ukrainians today"
The plan was already to do some "stakeholder capitalism" on Ukraine and have Blackrock take its land. This was already the plan with the expectation that Ukraine would win. The US has used Ukraine as a dumping ground for waste, as a host for biological warfare facilities, and as a source for human sex and organ trafficking. The goal was never for Ukraine to be prosperous, but for it to be profitable, and for it to be a s
Re: (Score:1)
The US has used Ukraine as a dumping ground for waste, as a host for biological warfare facilities
In other news Ukrainian combat mosquitoes jacked up on DTRA are being outfitted with GPS receivers and infecting Russian troops with deadly 5G nano-particles. You heard it here first folks.
Re: (Score:1)
I could give you the clip of Victoria Nuland confirming those facilities exist, but then you'd have to lie and say, "those aren't weapons facilities, they're only trying to help!"
Nuland personally trained entire flocks of birds to spread Ukrainian bio weapons while simultaneously masterminding a coup d'etat.
Nuland shits out so many 5G nano-particles they clog the toilet.
Speak her name at your peril.
Re: (Score:2)
Ow poor little weak Russia being forced to defend itself from a country 20% its population, piss poor and with an almost nonexistent military back in 2014. And the land grab is of course not a land grab but merely a preemptive strike.
And yes, this was sarcasm and you are either a conspiracy nutter or a putinbot.
do something fun like make them text an premium ra (Score:2)
do something fun like make them text a premium rate SMS service that gives all funds to the Ukraine
Re: (Score:2)
Done already in 2023 iirc.
So... Ukraine, spying on Russian soldiers? (Score:3)
Or Russia, following the old KGB playbook?