Do you think you are simply following routine steps to update your military records? In reality, you could unknowingly provide hackers access to your most private data. That is precisely what is happening to some Ukrainian men who are being targeted by cybercriminals using a sneaky malware called MeduzaStealer. Posing as tech support on Telegram, these hackers trick users into downloading malicious files, stealing sensitive data in the blink of an eye. It is the latest tactic in a threatening cyber war, where hackers are preying on those eligible for military duty, turning everyday apps into weapons of deceit.
MeduzaStealer has a history. In 2022, Russian-linked threat actors used it to steal login credentials, computer information, and data from password managers, specifically targeting Ukraine and Poland. The latest attack reveals that these hackers are now disguising themselves as customer support for Reserve+, a Ukrainian government app used to update personal data for military conscription.
Let us understand how the attack works. A Telegram account poses as technical support for Reserve+, asking users to download a ZIP file containing “instructions” on updating their military data. Once the victim opens the file, the malware gets into their device, stealing essential documents and information before disappearing without a trace.
Imagine getting a message from a tech support account saying they will help you update your personal info. You buy into it and follow what they tell you to do, not realizing you are handing over access to your private data to hackers. This is the exact way hackers are going after their targets.
CERT-UA, Ukraine’s cyber defense team, disclosed this malware distribution campaign but has not yet provided details on how many people fell for it. However, given that over 4.5 million Ukrainians use Reserve+, the scope of the threat is significant. Also, earlier this year, the Ukrainian Defense Ministry discovered three fake Reserve+ apps meant to collect personal information for future cyber attacks or psychological warfare.
This attack reflects a growing trend of using fake apps and messaging platforms like Telegram and Signal to target military personnel, which underlines how crucial cybersecurity awareness is during wartime.