New Android Spyware Disguised as Alpine Quest App Targets Russian Military Personnel

Russian military personnel operating in conflict zones have been targeted by a sophisticated Android spyware campaign distributing modified versions of the Alpine Quest mapping app, which is widely used for tactical navigation. The malware, identified as Android.Spy.1292.origin, is embedded in older or pirated Pro versions of the app, often promoted through Russian app catalogs and fake Telegram channels. Once installed, the app functions normally while covertly harvesting sensitive data, including phone numbers, contact lists, geolocation logs, and file metadata. Attackers gain real-time location updates via Telegram bots and can download additional modules to exfiltrate confidential documents shared through messaging apps like Telegram and WhatsApp. Security analysts emphasize the apps strategic use in military operations, making it a high-value target for adversaries seeking to monitor troop movements and intercept operational communications. The campaign underscores risks posed by third-party app stores and cracked software, highlighting the need for strict verification of app sources to mitigate espionage threats. This incident reflects broader cybersecurity challenges in conflict zones, where dual-use tools become vectors for advanced surveillance.