According to a report by Cisco Talos, threat actors are distributing malware to volunteers in the Ukrainian IT army by promoting a false distributed denial of service DDoS tool on Telegram. The threat actors are mimicking a DDoS tool known as the 'Liberator', which is used against Russian propaganda outlets, and is not inherently malicious. However, once users download the altered file which is promoted on Telegram, it instals a password and data-stealing trojan on their computers.