Iranian Government Uses Android Malware For Mobile Surveillance

Mobile security firm Lookout has analysed a piece of Android spyware used by the Iranian government to spy on local minority groups in the country and monitor arms, alcohol, and drugs trafficking. Known as BouldSpy, the Android spyware is most likely installed by Iranian law enforcement agencies  using physical access to the devices, likely obtained during detention.

The spyware is thought to been in use since at 2020, with more than 300 targets identifing include Iranian Kurds, Azeris, Baluchis, and Armenian Christian groups. 

According to Lookout's analysis, the command-and-control panel of the malware allows the operator to manage the divides and build custom applications that impersonate Android system services. 

  • The malware connects account usernames, list of installed apps, browsing history, call logs, SMS messages and possibly more. 
  • BouldSpy conducts malicious activities in the background, abusing Android accessibility services. It also disables battery management.
  • BouldSpy also contains ransomware code borrowed from the open source project CryDroid, but researchers say the code is unused, suggesting that ransomware capabilities are under development for future deployment.

In a separate development, he Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the US Cyber Command Cyber National Mission Force, and the UK’s National Cyber Security Centre have observed a group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater. 

This group has been conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors, including telecommunications, defense, local government, and oil and natural gas in Asia, Africa, Europe, and North America. 

CISA:    Lookout:     US Cyber Command:    Mandiant:     Oodaloop:    Security Week:   

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« ABB Struck By Black Basta Ransomware
How Can We Realise Cyber Resilience Through Education? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.