Iranian Government Uses Android Malware For Mobile Surveillance

Uploaded on 2023-05-18 in INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

Mobile security firm Lookout has analysed a piece of Android spyware used by the Iranian government to spy on local minority groups in the country and monitor arms, alcohol, and drugs trafficking. Known as BouldSpy, the Android spyware is most likely installed by Iranian law enforcement agencies  using physical access to the devices, likely obtained during detention.

The spyware is thought to been in use since at 2020, with more than 300 targets identifing include Iranian Kurds, Azeris, Baluchis, and Armenian Christian groups. 

According to Lookout's analysis, the command-and-control panel of the malware allows the operator to manage the divides and build custom applications that impersonate Android system services. 

  • The malware connects account usernames, list of installed apps, browsing history, call logs, SMS messages and possibly more. 
  • BouldSpy conducts malicious activities in the background, abusing Android accessibility services. It also disables battery management.
  • BouldSpy also contains ransomware code borrowed from the open source project CryDroid, but researchers say the code is unused, suggesting that ransomware capabilities are under development for future deployment.

In a separate development, he Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the US Cyber Command Cyber National Mission Force, and the UK’s National Cyber Security Centre have observed a group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater. 

This group has been conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors, including telecommunications, defense, local government, and oil and natural gas in Asia, Africa, Europe, and North America. 

CISA:    Lookout:     US Cyber Command:    Mandiant:     Oodaloop:    Security Week:   

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« ABB Struck By Black Basta Ransomware
How Can We Realise Cyber Resilience Through Education? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

CERT-FR

CERT-FR

CERT-FR is the French national government computer security incident response team.

Cyber Security Agency of Singapore (CSA)

Cyber Security Agency of Singapore (CSA)

The CSA is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development.

Junglemap

Junglemap

Junglemap provide nanolearning training courses on ransomware, information security and GDPR.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Internap Corporation (INAP)

Internap Corporation (INAP)

INAP is a global provider of high-performance data center and cloud solutions, partnering with customers worldwide to create secure and scalable IT infrastructure solutions.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

National Cryptologic Foundation (NCF)

National Cryptologic Foundation (NCF)

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Knownsec

Knownsec

Knownsec provides customers with cloud defense, cloud monitoring, and cloud mapping products and services with "AI + security big data" as the underlying capability.

Fairly AI

Fairly AI

Fairly AI is on a mission to democratize safe, secure, and compliant AI across the enterprise.