Russian hackers attack Ukrainians disguised as Kyivstar: how to recognize a dangerous message

Russian hackers are using the recent attack on the Kyivstar mobile operator to launch cyberattacks on ordinary Ukrainians. They send out emails with malware, which, when opened and run, infects the system with the RemcosRAT remote access program. At the same time, the hackers send emails under the guise of Kyivstar, which allegedly informs about the existence of debts under the contract.

This was reported by the State Special Communications Service. They noted that the hacker message can be recognized by:

• the subject line "debts under the Kyivstar contract";
• attachment in the form of an archive "Subscriber's debt.zip".

"Ukrainians have been receiving emails regarding 'Debts under the Kyivstar contract' containing an attachment in the form of a 'Subscriber's debt.zip' archive with attachments in the form of password-protected RAR archives. Opening the archive and running the file leads to infection with the RemcosRAT remote access program," the statement said.

It is emphasized: the distribution of letters on the topic "SBU Request" and attachments in the form of an archive "Documents.zip" was also recorded. It contains the password-protected RAR archive "Request.rar" with the executable file "Request.exe".

"Opening the archive and running the file, as in the previous case, leads to infection with the RemcosRAT remote access program," the State Special Communication Service said.

How to protect yourself

At the same time, they noted that it is possible to protect yourself from hacker mailings. To do this, you should "filter emails with password-protected programs at the mail gateway level." And that includes

• archives;
• documents.

Only verified information is available on the OBOZ.UA Telegram channel and Viber. Do not fall for fakes!