Google's findings suggest a Kremlin-backed operation is using infostealing malware to target Ukrainian military recruits via misleading software on Telegram and a deceptive website.
The malware campaign aims to manipulate victims into accessing UNC5812's 'Civil Defense' website, where they are promised software to find military recruits but instead receive malware.
The Android versions of the malware use social engineering to convince users to disable Play Protect, which normally prevents the installation of harmful software, leaving their devices open to compromise.
Both the Windows and Android malware rely on commonly available infostealers; the Android variant is a form of CraxsRAT, which employs backdoor functionality to exploit devices.