Russia sought to unmask Ukrainian hackers with malware app, Google says

Russian hackers apparently disguised and advertised a malware-infected Android app as a tool to fight back against Moscow in an effort to expose Ukrainian hackers.

Google’s Threat Analysis Group (TAG) released a report Tuesday explaining that Russians disguised the malicious app as one that would launch Denial of Service attacks on certain Russian websites — and distributed the app from a domain masked as an extension of the Ukrainian National Guard’s Azov Regiment. 

The distributor, Turla, is a group TAG attributes to the Russian Federal Security Service.

“Join the Cyber Azov and help stop russian aggression against Ukraine!” reads the advertisement on the third-party site distributing the apps, according to a screenshot shared by Google. “We have developed an Android application that attacks the Internet infrastructure of russia.” 

A Google spokesperson told The Hill that TAG speculates the app was likely intended to expose users who would click the link, install the app and participate in such an attempt to attack Russia’s infrastructure.

Cyber warfare has been a main element of Russia’s war in Ukraine. 

But the Ukrainian government — and the country’s volunteer “IT Army” — have hit back, defending Ukraine on the digital battlefield against Russian disinformation campaigns and attacks on Ukraine’s power grid.

Turla has been known to launch cyberattacks in Ukraine and elsewhere, but Google reports this as “the first known instance of Turla distributing Android-related malware.” 

Google’s TAG found a similar app first distributed in March, “StopWar.apk,” which the group believes was developed by Ukrainians and became the “inspiration” for Turla’s spoof.

Google reports that the download count for Turla’s malware app was “miniscule.”

Updated: 5:29 p.m. on July 24