Analysts have flagged a new Android malware variant being used by APT-C-50 as part of its wider Domestic Kitten campaign to spy on Iranian citizens.
ESET researchers named the new spyware FurBall, but point out that aside from a few new scripts and tweaks, the basic functionality of the latest APT-C-50 malware iteration is unchanged from previous versions. The mobile surveillance spyware is delivered through a malicious app that offers Iranian translations of books and magazines.
The Domestic Kitten campaign was first discovered back in 2016.
"The analyzed sample requests only one intrusive permission — to access contacts," the ESET team said about the new FurBall malware. "The reason could be its aim to stay under the radar; on the other hand, we also think it might signal it is just the preceding phase of a spearphishing attack conducted via text messages."
However, if the attackers could expand the malicious app's permissions, they would be able to steal additional device data, including text messages, location information, recorded voice calls, and more, the researchers added.