INSUBCONTINENT EXCLUSIVE:
Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their
location.The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes,
and Russian personnel stationed in the war zone in Ukraine
The app displays various topographical maps for use online and offline
The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories
The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to
paying users.The malicious module is named Android.Spy.1292.origin
In a blog post, researchers at Russia-based security firm Dr.Web wrote:Because Android.Spy.1292.origin is embedded into a copy of the
genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of
version.If there are files of interest to the threat actors, they can update the app with a module that steals them
The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp
They also show interest in the file locLog, the location log created by Alpine Quest
The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.
