"From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application… Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them," the report said.
"The capability of the malware includes gaining access to contacts, Short Message Service (SMS) text messages, call logs, and internet data, and FANCY BEAR would likely leverage this information for its intelligence and planning value," the report said.
CrowdStrike highlighted that the app was likely "only the initial iteration of this type of malware," warning of potential use of such a malware to hack political and government sectors.
In early December, CrowdStrike accused the Fancy Bear hackers of cyberattacks on Hillary Clinton campaign headquarters, as well as on Democratic National Committee, in order to secure victory of Republican Donald Trump. However they have not provided any evidence of Russia's involvement in hacking attacks, while Moscow has denied the accusations.
