Particle.news

Trojanized Alpine Quest App Targets Russian Soldiers with Spyware

Newly discovered Android malware exfiltrates sensitive data from Russian military personnel using a modified version of a popular mapping app.

Overview

  • Researchers at Doctor Web identified Android.Spy.1292.origin, spyware embedded in a trojanized version of the Alpine Quest mapping app.
  • The malware targets Russian military personnel in Ukraine, exploiting their reliance on Alpine Quest for offline navigation and planning.
  • The trojanized app is distributed as a cracked Pro version via Telegram channels and Russian app stores; it appears legitimate, which allows it to remain undetected longer.
  • The spyware collects phone numbers, contacts, geolocation, file metadata, and location logs, and can download additional modules to steal sensitive documents.
  • Attribution for the malware remains unconfirmed, though its functionality aligns with state-backed intelligence operations, possibly linked to Ukraine.