Ukraine's 'IT Army' Risks Being Hijacked By Malware

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans.  

Ukraine’s vice prime minister, Mykhailo Fedorov, organised a volunteer group referred to as 'the IT army' of hackers to conduct DDoS attacks against Russian targets.

Threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing Trojan.

Now security researchers have advised Ukrainian actors to beware of downloading DDoS tools to use in attacks against Russia, as they could contain information stealing malware. Cisco Talos has recently warned that cyber criminals have been seeking to exploit the support for Ukraine and installing the secret malware to get back at Ukrainian hackers. Specifically, they have detected DDoS tools available on Telegram  loaded with malware.

One of the tools offered by a group called disBalancer is offering a tool called Liberator that has been spoofed by threat actors. The malware-affected version has been spread on different platforms.

The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing 'infostealers' since last November, stated Cisco. If Russia finds itself under persistent DDoS attack, these tactics could escalate.

Cyber security researchers have also warned that the spoofing attacks could be originating from a privateer group, a state sponsored actor, or a nation state. Russian state-backed hackers have well-established skills in causing temporary outages to multiple agency websites by targeting an externally loaded widget used to collect visitor statistics.

Understandably, people around the world are motivated to rake action and oppose the military invasion of Ukraine, but joining in cyber attacks can be unwise. Even when these actions appear to be sponsored by the Ukrainian government, which has the support of the aggregate international community, it does not make their use legal.

Users taking part in DDoS, defacement, or network breaching attacks are still at risk of running in to  trouble with their own country’s law enforcement agencies and this malware distributing campaign is yet another reason why you should avoid taking part in this kind of operation, as you put yourself at risk.

OodaloopRealHackerNewsBleeping Computer:   ABC:      Infosecuirity Magazine:      Venturecation:  

You Might Also Read: 

The Online Battle In Ukraine:

 

« Employees Blame Their Employer For Data Theft
Phishing Attack On US Government Linked To Chinese Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Protocol Policy Systems

Protocol Policy Systems

Protocol Policy Systems specialise in IT policy deployment and management systems that deliver compliance and secure computing environments.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Moro Hub

Moro Hub

Moro Hub, a subsidiary of Digital DEWA, is a UAE-based digital data hub focused on digital transformation and operational services.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.