Jump to content
GFX Designer Recruitment Campaign
Moderators Recruitment

[News] Iran 'hides spyware in wallpaper, restaurant and games apps'

Shyloo

By Shyloo
in News

 Share

Recommended Posts

Shyloo Proficient

Shyloo

Posted
Posted

Iran 'hides spyware in wallpaper, restaurant and games apps'

_116863711_checkpoint.jpg

 

Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company.

The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said.

It said the two groups involved were using new techniques to install spyware on targets' PCs and mobile devices.

And this was then being used to steal call recordings and media files.

One of the groups, known as Domestic Kitten or APT-50, is accused of tricking people into downloading malicious software on to mobile phones by a variety of means including:

repackaging an existing version of an authentic video game found on the Google Play store
mimicking an app for a restaurant in Tehran
offering a fake mobile-security app
providing a compromised app that publishes articles from a local news agency
supplying an infected wallpaper app containing pro-Islamic State imagery
masquerading as an Android application store to download further software
The American-Israeli company's researchers documented 1,200 victims being targeted by the campaign, living in seven countries.

There had been more than 600 successful infections, it said.

The second group, known as Infy or Prince Of Persia, is said to spy on the home and work PCs of dissidents in 12 countries, extracting sensitive data after tricking people into opening malicious email attachments.

The Iranian government has not commented on the report.

Furball malware
Domestic Kitten's operation was first identified in 2018.

And Check Point said there was evidence it had run at least 10 campaigns since 2017.

Four of these were still active, with the most recent beginning in November 2020.

And it was using an Iranian blog site, Telegram channels and text messages to lure people into installing its infected software, which the researchers have dubbed Furball, which could:

Uzbekistan
The other group, Infy, is said to have been operating as far back as 2007.

Its most recent activity had targeted PCs, with fake emails with attractive content, usually with an attached document, Check Point said.

One example provided was of a document apparently about loans being offered to disabled veterans.

  • I love it 1
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

About Us

CsBlackDevil Community [www.csblackdevil.com], a virtual world from May 1, 2012, which continues to grow in the gaming world. CSBD has over 65k members in continuous expansion, coming from different parts of the world.

Donate for a coffee☕

Get to Know Us

Let Us Help You

Quick Links

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept