Malware Posing as Russia DDoS Tool Hits Pro-Ukraine Hackers
Several cyber activist groups have joined the fight to disrupt Russia’s infrastructure and attempt to cause chaos. They use their resources to target key sectors of the Russian government, such as state-controlled news agencies and official government websites. But Russian malware is now making the rounds disguised as a pro-Ukrainian program meant to help these activist groups. The program is dressed up as a DDoS (Distributed Denial of Service) tool that supposedly brings Russian websites to their knees and takes them down temporarily. In reality it is a piece of malware called “Phoenix”, an info stealer that siphons credentials and cryptocurrency information from the victim’s device using keylogging.
Phoenix emerged in 2019 and quickly became the top-shelf product of its category thanks to powerful anti-detection modules, meaning anti-virus software has a hard time finding it. This wolf in sheep’s clothing is just one more bump in a cyber-threat landscape that has been going through massive changes leading up to and during Russia’s invasion of Ukraine. The crisis has brought both new threats and an influx of actors offering their tools to the side they support.
A prime example of this is the Conti ransomware gang, a Russian group that developed its ransomware and sold it to other threat actors for their own use. This allowed anyone with the know-how to buy an off-the-shelf ransomware product and turn it on whoever they deemed a target.
The info-stealer is just one example of the ways cybercriminals are using the crisis in Ukraine to line their pockets. In this case, the criminals were distributing an info-stealer in an apparently profit-motivated campaign. But it could have been much worse: the same lure could have been used by a more sophisticated state-sponsored threat group acting on behalf of a nation-state.
Although this piece of malware might not sound like it would affect us, Russia has been known to use widespread targeting, where it does not aim at a specific group but instead pushes the malware out to as many people as possible. This malware may also appear in other forms, not just as a pro-Ukrainian DDoS tool.
Cyber Wise is reminding users to be wary of installing software from unknown or untrusted sources and to validate the software where possible. You should also always be wary of email attachments and inspect them carefully to ensure they come from a trusted sender. We also cover the precautions you should be taking against the rising threat of Russian cyber-attacks in another blog here.