Cloudflare Flags Russian Messenger MAX as Spyware Amid Security Concerns

Severity: High (Score: 72.5)

Sources: Zamin.Uz, verstka.media, radar.cloudflare.com, Nashaniva, Mezha

Summary

Cloudflare has classified the Russian messaging app MAX, associated with the domain max.ru, as spyware due to its potential for covert data collection and transmission. This designation follows reports of unusual activity and security breaches linked to the app, which is promoted by the Russian government. The MAX messenger, available in 40 countries, is suspected of accessing users' messages, calls, and location data. Previously, a similar label was applied to the alternative Telegram client Telega, which was subsequently removed from app stores. The MAX app, developed by VK, has undergone recent updates, including the addition of features like polls and age verification. The app's spyware label raises significant concerns regarding user privacy and data security. As of now, the app remains available for download on major platforms despite the warnings. Key Points: • Cloudflare flagged the MAX messenger as spyware due to potential data collection. • The app is linked to Russian state surveillance and is available in 40 countries. • Previous similar labels have led to app removals from major app stores.

Key Entities

• Malware (attack_type)
• Russia (country)
• Russian Federation (country)
• Ukraine (country)
• ixbt.com (domain)
• max.ru (domain)
• 155.212.204.140 (ipv4)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1056 - Input Capture (mitre_attack)
• T1071.001 - Web Protocols (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• App Store (platform)
• Google Play (platform)
• Telegram (platform)
• VK (company)