Anyone who downloads apps onto an Android smartphone or tablet should have security software installed. Otherwise, a nasty surprise awaits if, for example, the desired translation app turns out to be a spy tool and personal data suddenly changes hands.

Iranian hacker groups use translation app

This is exactly what is currently happening in Iran, researchers from IT security vendor ESET have discovered. The Iranian APT-C-50 group “Domestic Kitten” is apparently running such a campaign, hiding a new version of the Android malware FurBall in a translation app. The malware collects a lot of information from the affected device and sends it back to the hacker gang. The ESET researchers have published a detailed analysis on the security blog.

“It is not clear to what extent the current version of FurBall is related to the unrest in Iran. It’s a strange coincidence that a local hacker group that is said to be close to those in power is now once again illegally distributing surveillance software on a large scale,” says Thorsten Urbanski, security expert at ESET Germany. “Domestic Kitten has been known to conduct mobile surveillance operations against Iranian citizens since at least 2016.”

“Classic” distribution

However, the APT group is not particularly imaginative in its campaign. It put up a copy of a well-known Iranian website (www.downloadmaghaleh.com) that offers translations of articles, magazines and books from English into Persian. A translation app is offered as an additional “service”, which can be downloaded by clicking on the illegally used Google Play logo. Of course, the software is not downloaded from the official Google Play Store, but directly from the cybercriminals' servers.

Based on the contact information on the legitimate website, this service is offered from Iran. This fact suggests that the fake website is targeting Iranian citizens.
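The distribution pattern described above, a Google Play logo whose link does not lead to the store, can be checked for mechanically. The following Python check is an added example, not part of ESET's analysis; the branding hints and the sample hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PLAY_HOSTS = {"play.google.com"}  # where a genuine store badge should lead
BADGE_HINTS = ("google play", "google-play", "google_play", "googleplay")  # heuristic
# Constructed sample page: one genuine store link, one badge wired to a direct download.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.app"><img src="/img/google-play-badge.png" alt="Get it on Google Play"></a>
<a href="https://downloads.example.test/translator.apk"><img src="/img/google-play-badge.png" alt="Get it on Google Play"></a>
"""

class PlayBadgeAuditor(HTMLParser):
    """Collect links that carry Google Play branding but do not lead to the store."""
    def __init__(self):
        super().__init__()
        self.href = None       # href of the <a> currently open, if any
        self.is_badge = False  # does that link carry Play branding?
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            self.href, self.is_badge = a.get("href", ""), False
            self._note_branding(a.get("title", ""), a.get("class", ""))
        elif tag == "img" and self.href is not None:
            self._note_branding(a.get("alt", ""), a.get("src", ""))

    def handle_data(self, data):
        if self.href is not None:
            self._note_branding(data)

    def _note_branding(self, *texts):
        if any(hint in text.lower() for text in texts for hint in BADGE_HINTS):
            self.is_badge = True

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        url = urlparse(self.href)
        if self.is_badge and (url.hostname or "").lower() not in PLAY_HOSTS:
            direct = url.path.lower().endswith(".apk")
            self.findings.append((self.href, "direct APK download" if direct else "link leaves Google Play"))
        self.href = None

def audit(html):
    parser = PlayBadgeAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` returns only the second link, flagged as a direct APK download; relative links that carry store branding are flagged as well, since they also stay off the store.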

Well-known functions

This new version of FurBall has the same monitoring features as previous ones. Since the functionality of this variant has not changed, the main purpose of this update appears to be to avoid detection by security software. However, the changes do not affect ESET products, which detect this threat as Android/Spy.Agent.BWS. The FurBall Android malware was created based on the commercial stalkerware tool KidLogger.

Once the malware is installed, the attacker has access to a lot of information such as:

  • Text from the clipboard
  • Device location
  • SMS messages
  • Contacts
  • Call logs
  • Recorded calls
  • Texts of all notifications from other applications
  • Device accounts
  • List of files on the device
  • Running apps
  • List of installed apps
  • Device information

The sample analyzed by ESET researchers requested only a single permission: access to contacts. The reason for this could be the goal of staying under the radar. On the other hand, this could also indicate that this is just the preliminary phase of a spearphishing attack carried out via text messages.

source

Domestic Kitten – Iranians are being spied on with new FurBall malware
