Ukraine's 'IT Army' Risks Being Hijacked By Malware
A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.
Ukraine’s vice prime minister, Mykhailo Fedorov, organised a volunteer group referred to as 'the IT army' of hackers to conduct DDoS attacks against Russian targets.
Threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing Trojan.
Security researchers have now advised Ukrainian actors to beware of downloading DDoS tools for use in attacks against Russia, as they could contain information-stealing malware. Cisco Talos has recently warned that cyber criminals have been seeking to exploit the support for Ukraine, installing hidden malware to get back at Ukrainian hackers. Specifically, they have detected DDoS tools available on Telegram that are loaded with malware.
A group called disBalancer offers a tool called Liberator, which has been spoofed by threat actors. The malware-affected version has been spread on different platforms.
The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing 'infostealers' since last November, stated Cisco. If Russia finds itself under persistent DDoS attack, these tactics could escalate.
Cyber security researchers have also warned that the spoofing attacks could be originating from a privateer group, a state-sponsored actor, or a nation state. Russian state-backed hackers have well-established skills in causing temporary outages to multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.
Understandably, people around the world are motivated to take action and oppose the military invasion of Ukraine, but joining in cyber attacks can be unwise. Even when these actions appear to be sponsored by the Ukrainian government, which has the support of the aggregate international community, it does not make their use legal.
Users taking part in DDoS, defacement, or network breaching attacks are still at risk of running into trouble with their own country’s law enforcement agencies. This malware-distributing campaign is yet another reason why you should avoid taking part in this kind of operation, as you put yourself at risk.