Summary: A malware campaign targeting Ukraine’s military personnel has emerged, utilizing a fake app installer that conceals malicious code. This malware exploits tools like PowerShell and Tor to execute stealthy operations while mimicking legitimate software.
Threat Actor: Unknown
Victim: Ukrainian Military
Key Points:
- The malware is distributed via a fake installer for an app called “Army+,” which appears legitimate.
- A hidden script, init.ps1, bypasses security restrictions and establishes a backdoor for remote command execution.
- Files are strategically placed throughout the system to evade detection, including in OneDriveData and ssh folders.
- The malware exploits user trust by requesting administrative credentials during installation.
- This incident underscores the importance of downloading software from trusted sources and maintaining updated security measures.
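The behaviours listed above (a PowerShell script named init.ps1 launched with security restrictions bypassed, files staged under OneDriveData and ssh folders, and Tor used for stealthy communication) can be turned into a small triage rule set. The block below is an added example for defenders, not code from the article or from the campaign analysis it reports. All sample events, paths and the installer name are constructed; the use of an execution-policy bypass flag is an assumption about how "bypasses security restrictions" was achieved, as the summary does not name the mechanism.

```python
"""Indicator matching over constructed endpoint events, based on the behaviours
named in the summary: init.ps1 run by PowerShell, files written under
OneDriveData / ssh folders, and Tor started from a user-writable path.
Only init.ps1, OneDriveData, ssh, PowerShell and Tor come from the summary;
every path, file name and event below is constructed for illustration."""
import re

# Constructed sample telemetry (process-creation and file-write events),
# mixing benign activity with the chain described in the summary.
SAMPLE_EVENTS = [
    {"type": "process",
     "parent": r"C:\Users\u\Downloads\ArmyPlus-Setup.exe",  # constructed installer name
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # the bypass flag is an assumed mechanism, not stated in the summary
     "cmdline": r'powershell.exe -ExecutionPolicy Bypass -File "C:\Users\u\AppData\Local\Temp\init.ps1"'},
    {"type": "file", "writer": "powershell.exe", "path": r"C:\Users\u\OneDriveData\update.exe"},
    {"type": "file", "writer": "powershell.exe", "path": r"C:\Users\u\ssh\config"},
    {"type": "process", "parent": "powershell.exe",
     "image": r"C:\Users\u\OneDriveData\tor.exe", "cmdline": "tor.exe -f torrc"},
    {"type": "process", "parent": "explorer.exe",
     "image": r"C:\Program Files\Notepad++\notepad++.exe", "cmdline": "notepad++.exe notes.txt"},
    {"type": "file", "writer": "OneDrive.exe", "path": r"C:\Users\u\OneDrive\report.docx"},
]

# Each rule: (name, event type it applies to, predicate over the event).
RULES = [
    ("init_ps1_launch", "process",
     lambda e: "powershell" in e["image"].lower()
               and re.search(r"init\.ps1", e["cmdline"], re.I) is not None),
    ("exec_policy_bypass", "process",  # assumed: -ExecutionPolicy Bypass or its short forms
     lambda e: "powershell" in e["image"].lower()
               and re.search(r"-(ep|ex|exec|executionpolicy)\s+bypass", e["cmdline"], re.I) is not None),
    ("staging_dir_write", "file",      # PowerShell writing into OneDriveData or an ssh folder
     lambda e: e["writer"].lower() == "powershell.exe"
               and re.search(r"\\(OneDriveData|\.?ssh)\\", e["path"], re.I) is not None),
    ("tor_from_user_path", "process",  # tor.exe executing from a user-writable location
     lambda e: e["image"].lower().endswith("\\tor.exe") and "\\users\\" in e["image"].lower()),
]


def match_events(events):
    """Return a list of (rule_name, event) hits; an event may fire several rules."""
    hits = []
    for ev in events:
        for name, ev_type, pred in RULES:
            if ev["type"] == ev_type and pred(ev):
                hits.append((name, ev))
    return hits


def triage(events):
    """Count hits per rule and escalate when the init.ps1 launch is seen together
    with at least one other behaviour, mirroring the chained activity above."""
    counts = {}
    for name, _ in match_events(events):
        counts[name] = counts.get(name, 0) + 1
    escalate = "init_ps1_launch" in counts and len(counts) > 1
    return {"counts": counts, "escalate": escalate}


if __name__ == "__main__":
    for name, ev in match_events(SAMPLE_EVENTS):
        print(f"{name:20s} {ev.get('cmdline') or ev.get('path')}")
    print(triage(SAMPLE_EVENTS))
```

The rules are deliberately behavioural rather than hash-based: a renamed installer still has to run a script through PowerShell and drop files somewhere, so the script name, the bypass flag, the staging folders and the Tor launch remain observable in process-creation and file-write telemetry even after the binary changes.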
Source: https://www.cysecurity.news/2025/01/malware-targets-ukrainian-military-via.html