According to Google’s Threat Analysis Group, the infamous Russian-linked hacking group Sandworm has been caught repeatedly uploading fake apps to the Google Play Store.
Even worse, this same group was behind the NotPetya malware attacks on the 2018 Winter Olympics.
In a blog post, Google said the attacks began in 2017 when the group uploaded eight different apps to the Play Store in an attempt to target victims in South Korea.
Although the attack was unsuccessful — each app had fewer than ten installs — Google believes the targets were highly selective.
Then in 2018, the group began inserting backdoors into the apps of legitimate developers in Ukraine.
Luckily, however, the Google Play team “caught the attempt at the time of upload. As a result, no users were infected, and we were able to re-secure the developer’s account.”
In addition to the bogus apps, Google also revealed that it detected what appeared to be Russian disinformation campaigns in several African countries.
“We terminated the associated Google accounts and 15 YouTube channels, and we continue to monitor this space.”
Similar campaigns were also discovered in the Indonesian provinces Papua and West Papua “with messaging in opposition to the Free Papua Movement.”
Google, however, assures users that it is working to eliminate these threats. And, going forward, the company hopes that “shining more light on these actors will be helpful to the security community, deter future attacks, and lead to better awareness and protections among high-risk targets.”