Monday, January 18, 18:00
Google removes Android app that spied on protesters in Belarus

This week Google removed from the Play Store an Android app called NEXTA LIVE (com.moonfair.wlkm), which was used to collect personal data from anti-government protesters in Belarus. The app had been available on the Play Store for about three weeks. By the time it was removed, it had been downloaded and installed thousands of times and had received hundreds of reviews.

To persuade users to download it, NEXTA LIVE was presented as the official Android app of Nexta, an independent news agency in Belarus that has become popular with anti-Lukashenko protesters following police violence during recent anti-government protests in the country.


However, Nexta said on Telegram last week that the app had nothing to do with its service and that it was designed to collect user data in order to identify protesters. Nexta warned users not to install it, and asked those who had to uninstall it from their devices immediately, rate it poorly and report it to Google. This bulk reporting strategy proved effective and the app was removed this week. For many users, however, the damage has already been done.


According to a Belarusian security researcher, whose identity will not be revealed for confidentiality reasons, the app was designed for mass data collection. In a brief analysis shared with Nexta readers, he stated that the app was designed to collect location data and information about the owner of each device, and then periodically upload that data to a remote server.

In addition, Gabriel Cîrlig, an Android malware researcher, stated that the app appears to communicate with a domain hosted on a Russian IP address, arcpi.nextialive.roimaster [.] (89.223.89 [.] 47). Neither the domain nor the IP address appears in threat intelligence feeds, as they do not seem to be associated with previous malware campaigns. However, the same IP address has hosted other suspicious domains in the past, for example hackappnewcrmuzbekistan.roimaster [.], which indicates that there is more to this server than it may seem.

However, a location data collection feature has no place in a news-focused app, let alone one that is popular with anti-government protesters, in a politically unstable country currently ruled by an authoritarian leader struggling to remain in power.


Although there is no apparent link between the fake Nexta app and the Minsk government, this would not be the first time a government has tried to spy on its citizens in the midst of anti-government protests in order to identify protesters. Similar incidents took place in Venezuela and Iran in 2019, and also in the USA earlier this year, during demonstrations of the "Black Lives Matter" movement.

In addition, citizens of Belarus are reasonably wary of the app and consider it possible that it is linked to the government, given that earlier this year Belarusian police raided the offices of Yandex and Uber in what the protesters described as an attempt to obtain route location data to determine who took part in the anti-government protests.

