Russia and Ukraine design cracked background with hand holding phone with A30B Russian app on screen centered

helloRuby/Shutterstock Threat Analysis Group (Licensed)

An app designed to aid in efforts to hack Russian infrastructure was actually a Russian honeypot

Google's Threat Analysis Group says Russian hackers tied to the Kremlin developed the malicious app.


Mikael Thalen


Posted on Jul 19, 2022   Updated on Jul 19, 2022, 1:55 pm CDT

An alleged Ukrainian app purportedly designed to carry out Distributed Denial of Service (DDoS) attacks against Russia was actually just malware developed by Russian hackers, researchers with Google say.

In a blog post from Google’s Threat Analysis Group (TAG) on Tuesday, the hacking group known as Turla is accused of creating a malicious Android app designed to monitor its users. Numerous cybersecurity firms believe Turla works for the Russian federal security service.

The app—known as CyberAzov, a reference to the far-right Ukranian group Azov Regiment—was free to download online and promised to let users “help stop Russian aggression against Ukraine.”

“We are a community of free people around the world who are fighting against Russia’s aggression,” a description on the app’s website states. “We recruit motivated people who are ready to help us in our cause. We have developed an Android application that attacks the Internet infrastructure of Russia.”

Shane Huntley, the head of Google’s TAG, told Motherboard that the app’s purpose was to determine who would be interested in carrying out such attacks against Russia.

“Now that they have an app that they control, and they see where it came from, they can actually work out what the infrastructure looks like, and work out where the people that are potentially doing these sorts of attacks are,” Huntley said. 

TAG notes that this appears to be the first time that Turla has openly distributed malware aimed at Android devices. Although the app was never hosted by the Google Play Store, the hackers promoted CyberAzov on its website as well as on third-party messaging services.

TAG says the number of downloads was “minuscule” and that no impact could be seen for regular Android users.

The discovery of the malicious app comes as Russia’s 2022 invasion of Ukraine prepares to stretch into its fifth month. The invasion has led to an unprecedented hacktivism campaign against the Kremlin.

Read more of the Daily Dot’s tech and politics coverage

EXCLUSIVE: Leaked documents reveal TikTok’s online and IRL efforts to keep employees from talking about ties to China
Martin Shkreli is using Google Docs to find women who f*ck on the first date
The Babylon Bee’s owner is leading a campaign against ‘grooming’—he’s also helping Matt Gaetz get re-elected
Ex-Black Hammer members detail Gazi Kodzo’s abusive ‘cult,’ which culminated in arrests for kidnapping and sexual assault
Is Democrats’ new net neutrality bill just a 2022 midterms ploy?
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Jul 19, 2022, 1:23 pm CDT