We already knew that the war in Ukraine is also taking place online. And today we have learned about a new technique of the Russian authorities to steal information: hackers of the Russian government tried to trick Ukrainian and international volunteers into using an app from Android. It promised to launch Distributed Denial of Service (DDoS) attacks against Russian sites, but actually carried malware.

This has been discovered by Google and VICE has echoed it. An informal collective of technologists and hackers have organized themselves under a quasi-hacktivist organization called the IT Army, and have launched constant and persistent cyberattacks against Russian websites.





Shane Huntley, the head of the Google Threat Analysis Group research team, says Russian government hackers have tried to explore new techniques. This time with a fake app. “Not all of their attempts (to innovate) work and not all of their approaches do, but there is considerable innovation in the forms and things that they are testing And it seems to me almost an experimental mentality.”

This is how the app worked

Google researchers wrote in the report that the app was created by the group of hackers known as Turlawhich several cybersecurity companies believe works for the Kremlin.

The hackers posed as a “community of free people from around the world fighting Russian aggression” as the IT Army. But the app they developed was actually malware. hackers they called it CyberAzov, referring to the Azov Regiment or Battalion, a far-right group that has become part of Ukraine’s national guard. To add more credibility, they hosted the app on a “fake” Azov Regiment domain: cyberazov[.]com.

According to Huntily, the app did not perform DDoS or denial-of-service attacks, but rather was designed to map and find out who would want to use such an app to attack Russian websites. This way you can “find out what the infrastructure is like and where the people who can carry out this type of attack are.” The fake app was not hosted on the Play Store.