Google Discovers Ukrainian Turla Hackers Using Android Malware

Google’s Threat Analysis Group (TAG), whose main objective is to protect Google users from state-sponsored attacks, said today that threat groups supported by Russia are still primarily targeting Ukrainian companies.

In a report on recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard said that hackers associated with the Russian APT group Turla had also been seen distributing their first Android malware.

This is the first reported case of Turla distributing Android malware. According to Leonard, the applications were not released through the Google Play Store; instead, they were hosted on a domain owned by the actor and shared via links on third-party chat platforms.

The software is promoted under the pretense of launching DoS attacks against several Russian websites. However, the ‘DoS’ is ineffective because it makes only a single GET request to the target website.

Analysts at Google TAG think that Turla’s operators used the StopWar Android app, created by pro-Ukrainian developers (hosted at stopwar[.]pro), while developing their own fake “Cyber Azov” DDoS application.