MeduzaStealer malware attacks target possible Ukrainian conscripts

Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed an attack campaign that exploits the country's newly launched Reserve+ app for men eligible for military service to distribute the MeduzaStealer malware, reports The Record, a news site by cybersecurity firm Recorded Future.

Unidentified threat actors impersonated Reserve+ customer support on Telegram to lure targets into downloading a ZIP archive that claims to contain instructions on properly updating their data but instead triggers the deployment of MeduzaStealer, which exfiltrates certain files before removing itself from the compromised system, according to CERT-UA. While the impact of the MeduzaStealer compromise remains uncertain, more than 4.5 million Ukrainians were noted to have updated their personal information via the Reserve+ app. The campaign comes amid Russia-linked threat actors' increasingly prevalent exploitation of mobile apps to compromise the Ukrainian military, with the messaging app Signal leveraged to facilitate attacks delivering malware that steals military system credentials and exposes soldiers' locations.
