By Eliza Popova
This software is used by military personnel of the Russian Army, who are involved in hostilities in the territory of Ukraine - they became the main purpose of the attack. The viral application extends to the counterfeit channel in the Telegram messenger, which was created to simulate the officially resource of the developers of Alpine Quest.
Initially, they posted a link to downloading the program in the unofficial Android app catalog, and then the software was published separately in the channel under the guise of update. The main advantage that encourages users to download the Trojanized Program is that it provides a free version of Alpine Quest Pro, which is usually only available on a paid subscription. As specified in Dr. web, Android. Spy. 1292.
origin is built into a copy of the real app, it looks and works as an original, so it can harm users unnoticed for a very long time. The modular design of the application enables it to receive additional updates that are further expanding the capabilities.
During each launch, the virus collects and sends the following data to the server: the user's mobile phone number and his account; contacts from the phone book; the current date; current geolocation; information about the files stored on the device; The version of the program. If the attackers see interesting files in the list, then the module that stops them can be launched using software updates.
According to the researchers, the developers of the application are especially interested in the documents that the military send through Telegram and WhatsApp. They also show interest in the Locolog file, the Location Location created by Alpine Quest. Dr. web did not indicate who could be the creation and spread of a harmful application aimed at the Russians. It is possible that Ukrainian special services do this, says Arstechnica.
English
Українська
USA
Français
Deutsch
Italiano
Polski
Čeština
Español
Slovensku
