Turla, an advanced persistent threat (APT) group believed to be working on behalf of Russia’s Federal Security Service (FSB), has been observed distributing Android apps masquerading as tools for performing Denial of Service (DoS) attacks from a domain spoofing the Ukrainian Azov Regiment.
According to Google’s Threat Analysis Group (TAG), which discovered the campaign, the apps were not distributed through the Google Play Store, but were hosted on an attacker-controlled domain and distributed via links on third-party messaging services.
“The app is distributed under the guise of performing Denial of Service (DoS) attacks against a set of Russian websites. However, the 'DoS' consists only of a single GET request to the target website, not enough to be effective,” Google TAG security engineer Billy Leonard wrote in a blog post.
The researchers believe that this campaign had no major impact on Android users, as the number of installs was minuscule.
Earlier this week, the Computer Emergency Response Team of Ukraine (CERT-UA) said it detected a malicious campaign aimed at Ukraine’s government bodies that distributed the Agent Tesla infostealer.