PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Ukrainian defense forces have been targeted since late 2025 by cyber attacks involving the PLUGGYAPE malware, which are attributed to Russian threat actors. The attacks use messaging platforms, phishing, and advanced malware techniques to compromise systems and steal data. #VoidBlizzard #PLUGGYAPE

Key points

  • The Cyber Emergency Response Team of Ukraine reported malware attacks using the PLUGGYAPE backdoor from late 2025.
  • Attackers leverage messaging apps like Signal and WhatsApp and impersonate charities to distribute malware links.
  • PLUGGYAPE, written in Python, supports WebSocket and MQTT communications with dynamically updated C2 addresses.
  • Cyber actors use legitimate Ukrainian mobile accounts and local language to carry out targeted phishing and social engineering.
  • Additional malware tools like FILEMESS, OrcaC2, and GAMYBEAR are used for data exfiltration, system control, and password recovery.

Read More: https://thehackernews.com/2026/01/pluggyape-malware-uses-signal-and.html