Google researchers discovered malware from a Russian state group disguised as a pro-Ukrainian application. Details were published by the TAG group, which monitors and exposes state-sponsored hacking activity.

TAG proved that the Cyber Azov application, which uses the insignia of the Ukrainian regiment, was actually created by the hacker group Turla. The group is known for working with the support of the Kremlin and has already compromised European and American organizations.

Fake Azov application from Russian hackers: Google revealed another cyber fraud
Screenshot from the Cyber Azov site, taken by TAG researchers

The Android application was distributed through a domain controlled by Turla. It had to be installed manually from an APK file rather than downloaded from Google Play in the usual way.

The fake Azov application was supposed to launch DoS attacks on Russian servers. A TAG check revealed that it did not, of course, and that, according to VirusTotal data, it contained a Trojan. Google notes that few users have installed the application, and no funds have yet been received at the bitcoin address specified in it for collecting donations.

The application created by Turla tries to exploit a trend of the current war: decentralized assistance from digital volunteers who want to help Ukraine. Previously, the Ukrainian IT army was called an innovative approach to information and cyber resistance.