Russia Targeting Ukrainian Military Recruits With Android, Windows Malware, Google Says
securityweekA Russian cyberespionage and influence campaign has been targeting military recruits in Ukraine to undermine the country’s mobilization efforts, Google reports.
As part of the hybrid activity, tracked as UNC5812, a Telegram persona named Civil Defense has been distributing allegedly free software for locating Ukrainian military recruiters, but which turns out to be platform-specific malware instead.
On Android devices without Google Play Protect enabled, the software would install commodity malware and a decoy mapping application. Google has observed the Android backdoor CraxsRat and the SunSpinner malware being delivered to victims.
CraxsRat contains typical Android backdoor functionality, such as file and SMS management, contact and credential theft, and the ability to monitor keystrokes, device location, and audio input.
A decoy application written with the Flutter framework, SunSpinner can display the crowdsourced location of Ukrainian military recruiters. While it offers an option to add new markers, all the markers in the ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE