Home News Hackers are using Zoom’s remote control feature to infect devices with malware
News

Hackers are using Zoom’s remote control feature to infect devices with malware

283

Researchers at Doctor Web have uncovered a new Android spyware campaign targeting Russian military personnel using a trojanized version of the Alpine Quest mapping app. The spyware, dubbed Android.Spy.1292.origin, is embedded in a fake version of the app and distributed through unofficial Russian Android catalogs and a fake Telegram channel. Alpine Quest is a legitimate GPS and topographic mapping app popular among athletes, travelers, and military personnel for its offline capabilities and precision.

The malicious app poses as a free, cracked version of Alpine Quest Pro, a paid version without ads and analytics. Once installed, it functions like the original app to avoid detection while collecting sensitive data. Each time the app is launched, it sends the user’s phone number, contacts, geolocation, file information, and app version to a command-and-control server and a Telegram bot controlled by the attackers. The spyware can also download additional modules to steal confidential files, particularly those shared via Telegram and WhatsApp, and the locLog file from Alpine Quest, which contains location history logs.

The modular design of Android.Spy.1292.origin allows attackers to remotely update it for more targeted surveillance and expand its capabilities to execute a wider range of malicious tasks. While attribution remains uncertain, experts suggest similar tactics have been used by Ukrainian hacktivists. To mitigate the risk posed by such threats, users are advised to download Android apps only from trusted app marketplaces and avoid downloading “free” paid versions of software from dubious sources. It is also important to verify app developers, as attackers often impersonate legitimate developers with similar names and logos. Google Play Protect automatically protects Android users against known versions of this malware.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...