Iranian Government Uses Android Malware For Mobile Surveillance

Uploaded on 2023-05-18 in INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

Mobile security firm Lookout has analysed a piece of Android spyware used by the Iranian government to spy on local minority groups in the country and monitor arms, alcohol, and drugs trafficking. Known as BouldSpy, the Android spyware is most likely installed by Iranian law enforcement agencies  using physical access to the devices, likely obtained during detention.

The spyware is thought to been in use since at 2020, with more than 300 targets identifing include Iranian Kurds, Azeris, Baluchis, and Armenian Christian groups. 

According to Lookout's analysis, the command-and-control panel of the malware allows the operator to manage the divides and build custom applications that impersonate Android system services. 

  • The malware connects account usernames, list of installed apps, browsing history, call logs, SMS messages and possibly more. 
  • BouldSpy conducts malicious activities in the background, abusing Android accessibility services. It also disables battery management.
  • BouldSpy also contains ransomware code borrowed from the open source project CryDroid, but researchers say the code is unused, suggesting that ransomware capabilities are under development for future deployment.

In a separate development, he Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the US Cyber Command Cyber National Mission Force, and the UK’s National Cyber Security Centre have observed a group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater. 

This group has been conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors, including telecommunications, defense, local government, and oil and natural gas in Asia, Africa, Europe, and North America. 

CISA:    Lookout:     US Cyber Command:    Mandiant:     Oodaloop:    Security Week:   

You Might Also Read: 

Ransomware Used Against Albania Linked To Iran:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« ABB Struck By Black Basta Ransomware
How Can We Realise Cyber Resilience Through Education? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Total Defense

Total Defense

Total Defense solutions include anti-malware, anti-virus, intrusion prevention & mobile security.

LSEC

LSEC

LSEC is a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe.

Riddle&Code

Riddle&Code

Riddle&Code combines the security of smart cards with the potential of Bitcoin Technology and the Internet of Things (IoT) to help master the challenges of our digital society.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Punk Security

Punk Security

Punk Security are specialists in integrating security into DevOps pipelines, enabling rapid and secure development.

ViewDS Identity Solutions

ViewDS Identity Solutions

ViewDS Identity Solutions develops innovative identity software including cloud identity management solutions, directory services, access and authorization management solutions.

Descope

Descope

Descope is a service that helps every developer build secure, frictionless authentication and user journeys for any application.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.