From the past few days, a DDoS tool dubbed ‘Phoenix’ is doing rounds on the internet claiming to support Ukraine and useful to launch a denial of service attack on the IT Infrastructure of Russia.
But in reality, it is a tool that instead steals cryptocurrency from the downloaded device and acts as a data stealing tool, thereafter.
Security researchers from Cisco Talos have confirmed the ongoing campaign and asked Pro-Ukraine hackers not to download tools offering Distributed denial of Service (Ddos) attack via Telegram.
Phoenix is a key logging tool that has emerged from 2019 and in just a few months’ time transformed into an information stealing malicious software that can not be detected by anti-malware solutions and any threat monitoring solutions..that’s serious indeed!
The aim behind releasing such malware is simple: to target hackers who are against the Russian invasion on Ukraine, especially those from west and to mint money and other classified information that can later conduct cyber attacks, in the future.
Other malware that is being circulated on the internet in disguise of a legitimate DDoS attack tool is named Disbalancer and researchers from Cisco Talos stated tool is being targeted at government agencies that are supporting Ukraine in defending their critical infrastructure against digital assaults.
For instance, NCSC of UK is helping Zelensky’s nation in protecting its government websites from being targeted with malware or digital invasions. So, Disbalancer is being targeted at employees working in cyber field, mainly those working for government agencies and is aimed to take down such forces giving an upper hand to Putin led nation, thenceforth.