New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report.

Dark Reading Staff, Dark Reading

October 20, 2022

1 Min Read
Abstract image of computer code with the word spyware inserted
Source: Tiny Ivan via Alamy Stock Photo

Analysts have flagged a new Android malware variant being used by APT-C-50 as part of its wider Domestic Kitten campaign to spy on Iranian citizens. 

ESET researchers named the new spyware FurBall, but point out that aside from a few new scripts and tweaks, the basic functionality of the latest APT-C-50 malware iteration is unchanged from previous versions. The mobile surveillance spyware is delivered through a malicious app that offers Iranian translations of books and magazines. 

Domestic Kitten campaign was first discovered back in 2016. 

"The analyzed sample requests only one intrusive permission — to access contacts," the ESET team said about the new FurBall malware. "The reason could be its aim to stay under the radar; on the other hand, we also think it might signal it is just the preceding phase, of a spearphishing attack conducted via text messages."

However, if the attackers could expand the malicious app permissions, they would be able to steal additional device data, including text messages, location information, recorded voice calls, and more, the researchers added.  

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights