Android malware bites back in the real world.

travisdh1

Original Articles

• AienVault
• Crowdstrike

"Today CrowdStrike is releasing publicly an intelligence report which was circulated to CrowdStrike Falcon Intelligence customers detailing the use of the trojanized ‘Попр-Д30.apk’ application by the Ukrainian military and the deadly repercussions inflicted on that platform by Russian forces."

The Ukrainian military distributed a malware infected application to their D-30 Howitzer units. They've lost 80% of those units, most probably due to the Russian military easily tracking the location of the Android devices with the malware infected version of the software.

I'd say that went beyond criminally negligent.

scottalanmiller

Wow, just... wow.

travisdh1

@scottalanmiller said in Android malware bites back in the real world.:

Wow, just... wow.

Yeah.

scottalanmiller

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

travisdh1

@scottalanmiller said in Android malware bites back in the real world.:

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

Any consumer cellular devices period, I can easily triangulate a cell phone with very little hardware investment.

scottalanmiller

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

Any consumer cellular devices period, I can easily triangulate a cell phone with very little hardware investment.

Do we know that they were consumer phones? I didn't look into it. You can put Android on non-phones, too.

travisdh1

@scottalanmiller said in Android malware bites back in the real world.:

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

Any consumer cellular devices period, I can easily triangulate a cell phone with very little hardware investment.

Do we know that they were consumer phones? I didn't look into it. You can put Android on non-phones, too.

True. I was assuming because the malware was able to stay in contact somehow. Might have been on a dedicated military network with just 1 connection to the outside.

IRJ

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

Any consumer cellular devices period, I can easily triangulate a cell phone with very little hardware investment.

Do we know that they were consumer phones? I didn't look into it. You can put Android on non-phones, too.

True. I was assuming because the malware was able to stay in contact somehow. Might have been on a dedicated military network with just 1 connection to the outside.

Very interesting article...

You don't have to hack hundreds of phones. Have 3-5 important android devices may be enough to nearly paint a full picture.

scottalanmiller

@IRJ said in Android malware bites back in the real world.:

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

@travisdh1 said in Android malware bites back in the real world.:

@scottalanmiller said in Android malware bites back in the real world.:

Android seems like a really bad choice for high security applications, like military. Custom Raspberry Pis with super locked down Linux general purpose OSes would make more sense.

Any consumer cellular devices period, I can easily triangulate a cell phone with very little hardware investment.

Do we know that they were consumer phones? I didn't look into it. You can put Android on non-phones, too.

True. I was assuming because the malware was able to stay in contact somehow. Might have been on a dedicated military network with just 1 connection to the outside.

Very interesting article...

You don't have to hack hundreds of phones. Have 3-5 important android devices may be enough to nearly paint a full picture.

And one might attack another.