Malware is nothing new to Android. The open source nature of the beast means that, with some knowledge of coding, nearly anything can be accomplished. However, it is not often that we hear of military agencies using malware directly. According to a report released today by American cyber security company CrowdStrike, one such incident has occurred. A group called Fancy Bear reportedly released the malware to an app used by the Ukrainian military. Fancy Bear is believed to have ties to the Russian military and to have been involved in a previous attack on the DNC. They're also said to have previously published malware to iOS devices, but not to Android.
According to the source, an investigation began around an Android package containing Russian military language artifacts. Further investigation linked that particular Android filename to an artillery weapon in use today by the Ukrainian military. The app is said to have initially been developed by an officer of the Ukrainian Artillery Brigade to reduce the firing time of the weapon. The report also claims that the app would never have been pushed through the Google Play Store, as there is no evidence that it was ever published there. The report claims that if ‘X-Agent’, the name of the malware as given in the report, was deployed, it would have provided accurate location records for the artillery units to Russia-backed Ukrainian rebel groups. The results of artillery battles seem to confirm that it was deployed successfully.
Since 2014, 50% of Ukrainian artillery has been lost. Perhaps more startling, 80% of the artillery units affected by the malware have been lost. The report concludes that the malware was used to track the artillery units, providing the Russia-backed forces with a strategic advantage in a battle setting in which artillery is a pivotal part. The tracking resulted in greater loss of artillery for Ukraine and accounts for the discrepancy between the losses of all Ukrainian artillery and the losses of the specific artillery the malware is said to have been tracking. As technology advances and becomes a greater part of overall battlefield strategy, it is possible that the number of data breaches in cyber warfare will increase.