A fake version of the Alpine Quest app was used to discreetly spy on Russian military Android devices by harvesting personal data and geolocation details, Hack Read reports.
According to cybersecurity firm Doctor Web, the app contained Android.Spy.1292.origin, a spyware strain capable of exfiltrating contact lists, phone numbers, stored files, and precise user movements. Posing as a free pro version, the altered app was distributed through a fraudulent Telegram channel and third-party app store, targeting users in military zones who rely on Alpine Quest's offline maps. Each time the app was launched, data was sent to remote servers and a Telegram bot controlled by the attackers. Doctor Web's report noted the malware's modular structure allows it to be remotely updated for more targeted surveillance, including the extraction of files shared via messaging platforms like WhatsApp and Telegram. While attribution remains uncertain, experts say similar tactics have been used by Ukrainian hacktivists. Users are urged to avoid unofficial app downloads to reduce security risks.




