Iranian Government Uses Android Malware For Mobile Surveillance

Mobile security firm Lookout has analysed a piece of Android spyware used by the Iranian government to spy on minority groups in the country and to monitor arms, alcohol and drugs trafficking. Known as BouldSpy, the spyware is most likely installed by Iranian law enforcement agencies using physical access to the victim's device, probably obtained while the owner is detained.

The spyware is thought to have been in use since at least 2020, with more than 300 identified targets, including Iranian Kurds, Azeris, Baluchis and Armenian Christian groups.

According to Lookout's analysis, the command-and-control panel of the malware allows the operator to manage infected devices and to build custom applications that impersonate Android system services.

  • The malware collects account usernames, lists of installed apps, browsing history, call logs, SMS messages and possibly more.
  • BouldSpy carries out its collection in the background by abusing Android accessibility services, and it disables battery management so that the system does not suspend it.
  • BouldSpy also contains ransomware code borrowed from the open-source project CryDroid, but researchers say the code is unused, suggesting that ransomware capabilities are being developed for future deployment.
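The two behaviours above, an enabled accessibility service and an app exempted from battery optimisation, are both visible through ordinary Android diagnostics. As an added triage example (not code from Lookout's report or from this article), the script below parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys deviceidle whitelist`, and flags any package outside an analyst allowlist that has an accessibility service enabled, noting when the same package also holds a user-granted battery-optimisation exemption. The sample outputs, the allowlist and every package name are constructed for this example; the field layouts follow stock Android, but confirm them on the Android version you are examining.

```python
"""Triage Android packages that combine an enabled accessibility service with a
battery-optimisation exemption, a pairing common to background spyware.

Inputs are the raw text of two adb commands (collected from a device under
examination and pasted here; the samples below are constructed):
    adb shell settings get secure enabled_accessibility_services
    adb shell dumpsys deviceidle whitelist
"""

# Constructed sample of `settings get secure enabled_accessibility_services`.
# Format: colon-separated "<package>/<service class>" entries; "null" when empty.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.systemupdate/.sync.AccessibilityHelper"
)

# Constructed sample of `dumpsys deviceidle whitelist`.
# Format: one "<type>,<package>,<uid>" per line; type is system, system-excidle or user.
SAMPLE_WHITELIST = """system-excidle,com.android.providers.downloads,10008
system,com.google.android.gms,10012
user,com.example.systemupdate,10145
user,com.example.messenger,10151
"""

# Packages the analyst has already vetted (constructed allowlist).
KNOWN_GOOD = frozenset({"com.google.android.marvin.talkback"})


def parse_accessibility(raw: str) -> dict[str, set[str]]:
    """Map package -> enabled accessibility service classes. Handles the 'null' case."""
    services: dict[str, set[str]] = {}
    raw = raw.strip()
    if raw in ("", "null"):
        return services
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # skip malformed fragments rather than guessing
        pkg, svc = entry.split("/", 1)
        services.setdefault(pkg, set()).add(svc)
    return services


def parse_whitelist(raw: str) -> dict[str, str]:
    """Map package -> exemption type (system, system-excidle or user)."""
    exemptions: dict[str, str] = {}
    for line in raw.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue
        kind, pkg, _uid = parts
        exemptions[pkg] = kind
    return exemptions


def triage(a11y_raw: str, whitelist_raw: str, known_good=frozenset()) -> dict[str, list[str]]:
    """Return package -> reasons for every non-allowlisted package with an accessibility service on."""
    services = parse_accessibility(a11y_raw)
    exemptions = parse_whitelist(whitelist_raw)
    findings: dict[str, list[str]] = {}
    for pkg, svcs in services.items():
        if pkg in known_good:
            continue
        reasons = [f"accessibility service enabled: {s}" for s in sorted(svcs)]
        # A "user" entry means someone toggled "Don't optimise" for this app,
        # which is what a background collector needs to avoid being suspended.
        if exemptions.get(pkg) == "user":
            reasons.append("user battery-optimisation exemption")
        findings[pkg] = reasons
    return findings


def high_priority(findings: dict[str, list[str]]) -> list[str]:
    """Packages showing both indicators, sorted for stable output."""
    return sorted(p for p, r in findings.items() if len(r) >= 2)


if __name__ == "__main__":
    result = triage(SAMPLE_A11Y, SAMPLE_WHITELIST, KNOWN_GOOD)
    for pkg, reasons in result.items():
        print(pkg)
        for reason in reasons:
            print("   -", reason)
    print("high priority:", high_priority(result))
```

On a real device, replace the two sample strings with the command outputs, then pull the flagged APKs with `adb shell pm path <package>` and `adb pull` for static analysis. A match here is a lead, not a verdict: legitimate screen readers and automation tools also hold accessibility rights, which is why the allowlist exists.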

In a separate development, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), US Cyber Command's Cyber National Mission Force and the UK's National Cyber Security Centre (NCSC) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors known as MuddyWater.

This group has been conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors, including telecommunications, defense, local government, and oil and natural gas in Asia, Africa, Europe, and North America. 

Sources: CISA, Lookout, US Cyber Command, Mandiant, Oodaloop, Security Week
