Cloudflare Flags Russian 'Max' Messenger as Spyware Amid Security Concerns

Severity: Medium (Score: 55.0)

Sources: verstka.media, Zamin.Uz, Ukranews, Nashaniva

Summary

Cloudflare has flagged the domain max.ru, associated with the Russian national messenger 'Max', as spyware due to concerns over covert data collection. This follows a similar action taken against the alternative Telegram client, Telega, which was subsequently removed from app stores. The 'Max' messenger, developed by VK, offers various services including messaging, calls, and money transfers. As of now, the application remains available on both the App Store and Google Play, despite the spyware label. The Russian government is reportedly pushing users to migrate to this messenger, raising concerns about privacy and data security. The app's name was recently changed to 'MAKS' to reflect its expanded capabilities. An age verification system was also launched for retail customers through the app. The situation highlights ongoing geopolitical tensions and the potential misuse of technology for surveillance. Key Points: • Cloudflare flagged max.ru as spyware, indicating serious security concerns. • The Russian government is mandating the use of the 'Max' messenger, affecting user privacy. • The app remains available on major platforms despite the spyware classification.

Key Entities

• Malware (attack_type)
• Russia (country)
• Ukraine (country)
• ixbt.com (domain)
• max.ru (domain)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• App Store (platform)
• Google Play (platform)