Cyberattack detected using websites imitating Army+ page - State Special Communications Service of Ukraine

Kyiv  •  UNN

CERT-UA has detected a cyberattack on users of the Army+ application via fake websites. The attackers use malware to gain hidden access to computers via the Tor network.

Ukraine's governmental computer emergency response team CERT-UA warns of an active cyberattack aimed at users of the Army+ app for military personnel, the State Special Communications Service reported on Wednesday, UNN reports. 

The attackers have created a number of fake websites that imitate the official page of the application. When visiting such resources, users are prompted to download an executable file called “ArmyPlusInstaller-v.0.10.23722.exe” (the name may change), the State Special Communications Service said in a statement.

When a user downloads and runs the file, he or she unknowingly activates a program that gives intruders access to the computer. The malicious program:

- Installs a hidden access program on the computer.
- Generates digital keys for logging into the system.
- Sends sensitive data to the attacker's server via the Tor network.
- Creates an opportunity for hidden access to the computer by attackers.

This scheme allows cybercriminals to gain control of infected computers while remaining invisible.

CERT-UA monitors this hostile activity under the UAC-0125 identifier. 

“There are sufficient grounds to believe that this attack is related to the well-known hacker group UAC-0002 (Sandworm), which has previously carried out similar attacks. In the first half of 2024, they used trojan files disguised as Microsoft Office programs to infect computers,” the SSSCU said.

The agency urged users to be careful and to contact CERT-UA if they suspect they may have become a victim of an attack: [email protected], mob. +38 (044) 281-88-25.