Dark Crystal trojan targets Ukrainians via Signal messages


Russians are once again ramping up their efforts to snoop on Ukrainian soldiers.

Malware distributed using the encrypted messaging app Signal has targeted Ukraine's Defense Forces and employees of the Ukrainian defense industry.

Threat actors try to lure Ukrainians with phishing messages that appear to contain reports from meetings. In some cases, the attackers try to increase credibility by sending messages from compromised accounts that are already on the recipient’s list.

The messages contain a PDF and an executable file, DarkTortilla, which decrypts and executes Dark Crystal RAT (DCRat).

Dark Crystal RAT is a remote access trojan developed by Russians that allows attackers to monitor user activity, activate hardware microphones or cameras, access files, and steal sensitive data.

According to the Government Computer Emergency Response Team of Ukraine (CERT-UA), which issued a warning this week, the latest attacks were observed in March, while this particular activity was first documented last summer.

Since February, the attackers have also started sending bait messages related to electronic warfare and unmanned aerial vehicles.

The encrypted messaging app Signal is often targeted by Russian attackers. Last year, Ukraine’s State Special Communications Service reported that the same malware was used against the country’s civil service officials and military personnel.

Last month, Google Threat Intelligence detailed how Russian hackers abuse Signal accounts using the device-linking feature, which enables Signal to be used on multiple devices after scanning a QR code.
