Even within the confines of Max, the messaging platform mandated by Moscow as a ‘secure’ alternative to Western applications, a troubling virus is making its rounds, targeting users’ payment information. Official statistics indicate that Max boasts 100 million registered profiles, a number inflated by the requirement for public administration interactions. However, the knowledge that conversations are under surveillance has led many Russians to utilize the app on a separate device.
The Emergence of Mamont
Known as Mamont, or “Mammoth,” this virus has been identified within the patriotic messenger app Max, which is being enforced with increasing rigor across Russian institutions and among citizens. This malicious program is adept at pilfering users’ payment details by infiltrating online banking applications.
In essence, Mamont is a virus familiar to users of basic Android devices, spreading primarily through family and parental chat groups. Cybercriminals exploit this platform to hack accounts and disseminate highly harmful files, aiming to access communications and bank codes, ultimately leading to the theft of users’ funds and personal information.
Leonid Juldašev, coordinator of the eQualitie project, elaborates on the virus’s modus operandi. It often initiates with a seemingly innocent message: “Is that you in this video?” This prompts users to click, leading to a screen that may display a loading page or a malfunctioning video player, ostensibly reporting a technical issue. In reality, a Trojan is silently downloaded onto the smartphone, a term used to describe programs that operate without the user’s awareness, siphoning off their data.
Despite the claims of Russian authorities and official propaganda, which herald Max as a “safe space” in contrast to WhatsApp and Telegram—both of which are blocked under the guise of combating cyber fraud—the emergence of the Mamont virus was noted in early March, coinciding with the mandatory transition to Max due to Telegram restrictions, as experts have pointed out.
Cyber-lawyer Sarkis Darbinyan notes that “people are increasingly placing their trust in private chats, where it is presumed that only familiar individuals are participating. This heightened trust in exchanged messages is precisely what fraudsters exploit to gain confidence.”
In response to concerns, the press service of the patriotic messenger asserts that “the spread of a virus on Max does not correspond to reality,” assuring users that their security center is actively preventing and blocking any infiltration attempts. However, Darbinyan emphasizes that phishing attacks can occur across any messaging platform—be it Max, Telegram, or Delta Chat—because these attacks exploit user psychology rather than relying solely on technological defenses, allowing for a wide array of deceptive tactics to succeed.
The unique characteristic of Max lies in its capacity for state bodies to monitor conversations. As the expert highlights, “it is crucial for users to recognize that all their data is continuously recorded by the state, presenting numerous threats to personal security, particularly for those who place undue trust in this messaging app.”
According to the press office, Max currently has 100 million registered users, with a daily active audience of approximately 70 million. However, reports from Agenstvo suggest that a significant portion of these accounts are linked to state offices or have been created under the obligatory directives of public entities.
Juldašev observes a palpable resistance among the populace to adopt Max as their primary communication platform. Many individuals prefer to maintain a second phone, colloquially referred to as Maxofon, to comply with Max usage requirements while keeping their primary device free for less ‘patriotic’ applications.
When necessary, the Maxofon is presented to superiors and employers, facilitating conversations with government services, payments, electronic signatures, and digital identification—all of which, unfortunately, also attract the attention of cyber-fraudsters.
