Android malware in Alpine Quest compromises the Russian Army

April 29, 2025

The Russian military faces a new threat: Android malware has been found embedded in altered versions of the Alpine Quest mapping application.

Reports indicate that Russian soldiers use this application for operational planning in combat zones. Attackers promote the modified application as a free, cracked edition of the premium Alpine Quest Pro, distributing it via Telegram channels and Russian application stores.

Alpine Quest itself is a legitimate Android GPS and topographic mapping application, favoured by adventurers, athletes, search-and-rescue teams, and military personnel for its offline capabilities and precision.

It is available in two versions: a free Lite version with limited features and a Pro version without tracking libraries, analytics, and ads.

The Android malware is embedded in a functional version of the Alpine Quest app.

According to investigations, the spyware is concealed within a functional version of the Alpine Quest application, which reduces suspicion and gives it more opportunity to steal data.

Upon activation, the malware seeks to extract communication data and sensitive documents from the device, potentially compromising information about military operations.

The spyware performs several malicious functions, including transmitting the user’s phone number, contacts, geolocation, file specifications, and application version to the perpetrators. It can also monitor location changes in real time and relay updates to a Telegram bot.

Moreover, it can download additional modules to steal confidential files, particularly those shared via Telegram and WhatsApp.

The spyware also searches for the ‘locLog’ file from the Alpine Quest application, which contains the user’s location history logs.

The researchers dubbed this previously unreported spyware ‘Android.Spy.1292.origin’ but refrained from asserting its origin in their report.

Targeting military personnel is a strategy associated with Russian hacking operations and is frequently linked to state-sponsored threat actors gathering intelligence for the Russian army. This operation is therefore novel, since it targets the side that commonly employs such attacks.

The detection of the trojanized Alpine Quest application shows that both sides in the conflict carry out these deceptive attacks, as intelligence gathering remains crucial for securing an advantage.
