Threat actors are taking advantage of people’s desire to join Ukraine’s IT army to infect them with malware.

The threat actors are doing this by promoting a fake DDoS tool on Telegram. The tool is said to have the capacity to install a password and information-stealing trojan.

According to Cisco Talos researchers, the fake DDoS tool mimics a DDoS tool called the “Liberator.” Liberator is a website bomber used against Russian propaganda outlets.

The versions of the tool downloaded from the real site are “clean” and are considered illegal to use. However, those circulated on Telegram channels are fake and hide malware payloads.

It is difficult to differentiate the original tool from the fake since the two tools are not signed digitally.

Researchers urged users not to join others in conducting cyberattacks. Apart from the fact that those engaging in such attacks could have issues with their country’s law enforcement agencies, they could also expose themselves to attacks.