Doctor Web researchers discovered a new spyware, tracked as Android. Spy.1292.origin, targets Russian military people. The malicious code was concealed in a trojanized Alpine Quest app and distributed via Russian Android catalogues. The malware acquires contacts, geolocation, and file data, and it can also download additional modules to exfiltrate stored data when directed.
“Alpine Quest is topographic software that allows different maps to be used both in online and offline mode. It is popular among athletes, travelers, and hunters but also widely used by Russian military personnel in the Special Military Operation zone—and this is what the malware campaign organizers decided to exploit.” reads the report published by researchers at Doctor Web. Threat actors embedded Android.Spy.1292.origin into one of the older Alpine Quest app versions and distributed the trojanized variant under the guise of a freely available version of Alpine Quest Pro, a program with advanced functionality.”
To propagate the trojanized Alpine Quest software, threat actors developed a fraudulent Telegram channel. They shared an app download link from a Russian app store, and then they used the same route to push a malicious update.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: