An alleged Ukrainian app purportedly designed to carry out Distributed Denial of Service (DDoS) attacks against Russia was actually just malware developed by Russian hackers, researchers with Google say.
In a blog post from Google’s Threat Analysis Group (TAG) on Tuesday, the hacking group known as Turla is accused of creating a malicious Android app designed to monitor its users. Numerous cybersecurity firms believe Turla works for the Russian Federal Security Service.
The app—known as CyberAzov, a reference to the far-right Ukrainian group Azov Regiment—was free to download online and promised to let users “help stop Russian aggression against Ukraine.”
“We are a community of free people around the world who are fighting against Russia’s aggression,” a description on the app’s website states. “We recruit motivated people who are ready to help us in our cause. We have developed an Android application that attacks the Internet infrastructure of Russia.”
Shane Huntley, the head of Google’s TAG, told Motherboard that the app’s purpose was to determine who would be interested in carrying out such attacks against Russia.
“Now that they have an app that they control, and they see where it came from, they can actually work out what the infrastructure looks like, and work out where the people that are potentially doing these sorts of attacks are,” Huntley said.
TAG notes that this appears to be the first time that Turla has openly distributed malware aimed at Android devices. Although the app was never hosted by the Google Play Store, the hackers promoted CyberAzov on its website as well as on third-party messaging services.
TAG says the number of downloads was “minuscule” and that no impact could be seen for regular Android users.
The discovery of the malicious app comes as Russia’s 2022 invasion of Ukraine prepares to stretch into its fifth month. The invasion has led to an unprecedented hacktivism campaign against the Kremlin.