X-Agent for Android

X-Agent for Android is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. [1] Is it tracked separately from the CHOPSTICK.

ID: S0314
Type: MALWARE
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1430 Location Tracking

X-Agent for Android was believed to have been used to obtain locational data of Ukrainian artillery forces.[1]

Mobile T1444 Masquerade as Legitimate Application

X-Agent for Android was placed in a repackaged version of an application used by Ukrainian artillery forces.[1]

Groups That Use This Software

ID Name References
G0007 APT28 [1]

References