A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. AlpineQuest is a legitimate GPS and topographic mapping app for Android used by adventurers, athletes, search-and-rescue teams, and military personnel, valued for its offline capabilities and precision.

Attackers promote the trojanized app as a free, cracked version of the premium Alpine Quest Pro, using Telegram channels and Russian app catalogs for distribution. The spyware, which was discovered by researchers at Russian mobile antivirus company Doctor Web, hides inside a fully working Alpine Quest app, reducing suspicion and creating valuable data theft opportunities.

The tactic of targeting soldiers was previously associated with Russian hacking operations, often linked to state-sponsored threat groups collecting intelligence for the Russian army. In December 2022, hackers using a compromised Ukrainian Ministry of Defense email account attempted subsequent infections by using DELTA, a Ukrainian intelligence collection and management system, as bait. More recently, in February 2025, Google researchers revealed that Russian threat actors of the APT44 group used malicious QR codes to trick targets into syncing their Signal accounts with unauthorized devices.

The discovery of the trojanized AlpineQuest app shows that these sneaky attacks are orchestrated from both ends of the conflict, as intelligence collection remains crucial in gaining battlefield advantage.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 23 Apr 2025 18:35:10 +0000