Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location.
The malware is hidden inside a modified app for the Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The main selling point of the trojanized app is that it offers a free version of Alpine Quest Pro, which is normally available only to paying users.
Looks like the real thing
The malicious module is called Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote:
Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates like the original, which allows it to remain undetected and execute malicious tasks for longer periods of time.
Each time it is launched, the trojan collects and sends the following data to the C&C server:
- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version.
If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive further updates that expand its capabilities even further.