'FurBall' Spyware Being Used Against Iranian Citizens
New Android malware variant is part of long-running Domestic Kitten campaign being conducted by APT C-50 Group, analysts report.
Analysts have flagged a new Android malware variant being used by APT-C-50 as part of its wider Domestic Kitten campaign to spy on Iranian citizens.
ESET researchers named the new spyware FurBall, but point out that aside from a few new scripts and tweaks, the basic functionality of the latest APT-C-50 malware iteration is unchanged from previous versions. The mobile surveillance spyware is delivered through a malicious app that offers Iranian translations of books and magazines.
Domestic Kitten campaign was first discovered back in 2016.
"The analyzed sample requests only one intrusive permission — to access contacts," the ESET team said about the new FurBall malware. "The reason could be its aim to stay under the radar; on the other hand, we also think it might signal it is just the preceding phase, of a spearphishing attack conducted via text messages."
However, if the attackers could expand the malicious app permissions, they would be able to steal additional device data, including text messages, location information, recorded voice calls, and more, the researchers added.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024