Russia and Ukraine design cracked background with hand holding phone with A30B Russian app on screen centered

helloRuby/Shutterstock Threat Analysis Group (Licensed)

An app designed to aid in efforts to hack Russian infrastructure was actually a Russian honeypot

Google’s Threat Analysis Group says Russian hackers tied to the Kremlin developed the malicious app.


Mikael Thalen


An alleged Ukrainian app purportedly designed to carry out Distributed Denial of Service (DDoS) attacks against Russia was actually just malware developed by Russian hackers, researchers with Google say.

In a blog post from Google’s Threat Analysis Group (TAG) on Tuesday, the hacking group known as Turla is accused of creating a malicious Android app designed to monitor its users. Numerous cybersecurity firms believe Turla works for the Russian federal security service.

The app—known as CyberAzov, a reference to the far-right Ukranian group Azov Regiment—was free to download online and promised to let users “help stop Russian aggression against Ukraine.”

“We are a community of free people around the world who are fighting against Russia’s aggression,” a description on the app’s website states. “We recruit motivated people who are ready to help us in our cause. We have developed an Android application that attacks the Internet infrastructure of Russia.”

Shane Huntley, the head of Google’s TAG, told Motherboard that the app’s purpose was to determine who would be interested in carrying out such attacks against Russia.

“Now that they have an app that they control, and they see where it came from, they can actually work out what the infrastructure looks like, and work out where the people that are potentially doing these sorts of attacks are,” Huntley said. 

TAG notes that this appears to be the first time that Turla has openly distributed malware aimed at Android devices. Although the app was never hosted by the Google Play Store, the hackers promoted CyberAzov on its website as well as on third-party messaging services.

TAG says the number of downloads was “minuscule” and that no impact could be seen for regular Android users.

The discovery of the malicious app comes as Russia’s 2022 invasion of Ukraine prepares to stretch into its fifth month. The invasion has led to an unprecedented hacktivism campaign against the Kremlin.

Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
The Daily Dot