Russian language media outlets reported this week that a prototype of a new homegrown virus analysis service, to be called Multiscanner, will be released later this year and fully operational in 2025.

A website has already been reserved for the service, virustest.gov.ru, but doesn’t yet have any content. According to government sources quoted in Cybernews, it’s planned to be a superset of the features found in Google-owned Virus Total. This is a common repository of virus signatures, used to check for malware and suspicious files and links.

The launch of the service, which is apparently intended to avoid Western surveillance, is based on several factors. First, there are concerns that the U.S. government could monitor data placed in Virus Total and track malware with Russian origins, hence the need for a separate entity.

That concern isn’t so farfetched. Virus Total suffered a major data leak this past summer. A list of more than 5,000 customers of the virus service were accidentally uploaded to the platform.

Some of these customers included various U.S. and U.K. government agency staffers, such as from the National Security Agency and Government Communications Headquarters, respectively. One source quoted in the announcement said that it’s possible Virus Total usage within Russia might become illegal once Multiscanner becomes fully operational.

Second, this is another step in the transformation of Russia’s digital universe into a more closed system. That universe has created its own social media network called Vkontakte, the Yandex search engine and an Android app store named RuStore. Russia has been working on having a fully segregated internet service similar to what China has built over the past several decades, with peering points that connect to the overall worldwide internet managed and filtered by a state-run agency called Roskomnadzor.

Finally, the move is in response to various international sanctions that have been created in the wake of the Ukrainian invasion. It’s intended to produce other homegrown alternatives to foreign tech sources that are now restricted to operate inside the country, or that have chosen to close their offices.

The new venture is somewhat ironic, given the presence Russian-based malware groups have in the overall threat landscape. Verizon’s most recent Data Breach Investigations Report, for example, cites monthly Russian exploits for 2022, and there are other reports of frequent disinformation campaigns that date back to Russian sources during the 2016 U.S. presidential election.

Multiscanner will also include both static and behavioral application analysis tools, such as sandboxes, and unspecified hardware and software elements. The system is being developed at the National Technology Center for Digital Cryptography, according to Russian media reports. It will involve multiple Russian companies and organizations as part of the Digital Economy national project, including Kaspersky, Dr. Web, Netoscope and AVsoft. Whether that brings new attention by U.S. and E.U. regulators on these providers for their Russian activities remains to be seen.

Image: TheDigitalArtist/Pixabay