iPhone 14 Pro vs. 13 Pro Cameras Tesla Optimus Robot Best Free VPNs Apple Watch 8 Deals AT&T Hidden Fee Settlement Google Pixel 7 Pro Preview Heating Older Homes National Taco Day
Want CNET to notify you of price drops and the latest stories?
No, thank you

​Russian Android malware tracked Ukrainian military: Report

Attackers hid malware within a legitimate app, giving hackers access to communication and location data, says security firm CrowdStrike.

Ukrainian President Petro Poroshenko
Ukrainian President Petro Poroshenko
presidential administration of Ukraine

Russian hackers likely affiliated with the country's military used malware on Android phones to track Ukrainian artillery personnel, a Thursday report from security firm CrowdStrike said.

The malware, from a group dubbed Fancy Bear, was hidden within legitimate software from a Ukrainian artillery officer and used by Ukrainian forces, CrowdStrike said in its report (PDF). It was distributed through online military forums. The app was supposed to help with artillery targeting operations, but included malware called X-Agent that could access phone communications, rough location data and contacts.

"A tool such as this has the potential ability to map out a unit's composition and hierarchy, determine their plans, and even triangulate their approximate location," the report said. "This type of strategic analysis can enable the identification of zones in which troops are operating and help prioritize assets within those zones for future targeting." The infected app was distributed from 2014 through 2016, CrowdStrike said.

Such malware would be a new example of the blurred lines between military war and cyberwar. The conflict between Russia and Ukraine over territory in eastern Ukraine and Crimea is particularly heated: Ukraine accused Russia of blocking governmental communications in 2014, and computer attacks in 2015 took down three Ukrainian power stations, according to security firm iSight. Again Ukraine laid the blame on Russia.

In the case of Fancy Bear, the software "reveals one more component of the broad spectrum approach to cyber operations taken by Russia-based actors in the war in Ukraine," CrowdStrike said. The tactical information the app provided "supports CrowdStrike's previous assessments that Fancy Bear is likely affiliated with the Russian military intelligence (GRU), and works closely with Russian military forces operating in Eastern Ukraine and its border regions in Russia," the report said.

The Ukrainian and Russian governments didn't immediately respond to a request for comment.