Security researchers have advised Ukrainian actors to be aware of downloading DDoS tools to utilize in attacks against Russia, as they might be laced with information stealing malware. Ukraine’s vice prime minister, Mykhailo Fedorov, organized a volunteer group referred to as the IT army of hackers to conduct DDoS attacks against Russian targets. Cisco Talos has recently warned that cybercriminals have been seeking to exploit the support for Ukraine and installing the secret malware to get back at Ukrainian hackers. Specifically, the firm stated that it detected DDoS tools available on Telegram were loaded with malware. On of the tools offered by a group called disBalancer is offering a tool called Liberator that has been spoofed by threat actors. The malware-affected version has been spread on different platforms.

The versions detected on Telegram were found to be malware, specifically an information stealer that was designed to compromise those who wanted to use the Liberator malware. Those behind the activity have been distributing infostealers since last November, stated Cisco. If Russia finds itself under severe or ongoing DDoS attack, the tactics could escalate. Cybersecurity researchers have also warned that the spoofing attacks could be originating from a privateer group, a state sponsored actor, or a nation state.

Read More: Ukrainian IT Army Hijacked by Info-stealing Malware