A new Android spyware campaign is targeting Russian military personnel by hiding malicious code inside a popular mapping app, says cybersecurity firm Doctor Web.
The spyware, identified as Android.Spy.1292.origin, is embedded in a modified version of the Alpine Quest mapping application. It is being distributed through unofficial app sources, including a Russian Android app catalog and a fake Telegram channel posing as the app’s developer.
Alpine Quest is widely used for topographic mapping in both online and offline modes. While it’s popular among outdoor enthusiasts, it’s often used by Russian soldiers in active combat zones, too. The attackers appear to be exploiting this fact, luring users with a seemingly free “Pro” version of the app.
Once installed, the spyware silently collects and transmits sensitive data, including:
- The device owner’s phone number and associated accounts
- All phonebook contacts
- Real-time geolocation updates
- A full list of stored files
- App version details
The stolen data is sent to a command-and-control (C&C) server and also duplicated to the bad actors via a Telegram bot. In a concerning twist, the malware can download additional modules on command—allowing malefactors to steal specific files, such as location logs or documents shared through Telegram and WhatsApp.
Because the trojanized version looks and behaves like the legitimate app, users are unlikely to suspect foul play. This stealth approach enables long-term spying and data theft.
There’s No Free Lunch
Cybersecurity experts are urging users to avoid downloading apps from unofficial sources—particularly when paid apps are offered for free. Doctor Web also recommends verifying the identity of app publishers, as threat actors often mimic legitimate developers with similar names and branding.
For protection, Doctor Web advises using antivirus software that can detect and remove this and other Android threats.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.