Security researchers have warned pro-Ukrainian actors against employing DDoS tools to attack Russia, as the tools may be riddled with info-stealing malware.
In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets.
Cisco Talos has claimed that many cyber criminals are attempting to exploit the outpouring of support for Ukraine, amidst the Russian invasion of the country.
Specifically, the organisation detected several posts on Telegram offering DDoS tools which were actually loaded with malware.
One such tool, dubbed “Liberator,” is offered by a group calling itself “disBalancer.” The original tool is legitimate, but is being spoofed by threat actors.
“The file offered on the Telegram page ended up being malware, specifically an infostealer designed to compromise unwitting users,” Cisco Talos explained.
“The malware in this case dumps a variety of credentials and a large amount of cryptocurrency-related information, including wallets and MetaMask information, which is commonly associated with non-fungible tokens (NFTs).”
The vendor has warned that there is no way to differentiate between legitimate and spoofed tools.