CyberSecurity news
info@thehackernews.com (The Hacker News)
Russian military personnel are being targeted by a new Android spyware campaign that disguises itself as the legitimate Alpine Quest mapping application. The spyware, dubbed Android.Spy.1292.origin, is distributed through unofficial channels, including Russian Android app catalogs and a fake Telegram channel promoting a pirated "Pro" version of the app. Once installed, the trojanized app functions like the original Alpine Quest, a popular navigation tool used by outdoor enthusiasts and also relied upon by Russian soldiers in military zones due to its offline capabilities. Because the trojanized app behaves like the genuine one, the malware can remain undetected while it secretly harvests sensitive data from the compromised device.
The spyware collects a wide range of information, including the user's phone number, contact lists, geolocation data, and a list of files stored on the device. This data is then sent to a remote command-and-control server and a Telegram bot controlled by the attackers. The attackers are particularly interested in retrieving confidential documents shared via messaging apps like Telegram and WhatsApp. The malware also targets a specific file called "locLog" created by Alpine Quest, which logs detailed user movement data. By stealing this file, the attackers can reconstruct the victim's movements over time, enabling surveillance.
Security researchers at Doctor Web discovered the campaign and noted the spyware's modular design, which allows attackers to expand its capabilities by downloading additional modules. These modules can enable the exfiltration of specific content and the execution of a wider spectrum of malicious tasks. The attacks mirror tactics previously deployed by Russian groups against Ukrainian soldiers, seeking to access data from military apps and encrypted messaging apps. Experts advise downloading Android apps only from trusted app marketplaces and avoiding "free" versions of paid software from dubious sources to mitigate the risk posed by such threats.
Classification:
- HashTags: #Android #Spyware #Military
- Company: Doctor Web
- Target: Russian Military Personnel
- Attacker: Russian
- Product: Alpine Quest
- Feature: Data Theft
- Malware: Android.Spy.1292.origin
- Type: Malware
- Severity: Major