Iranian Hackers Hiding Malware in Food and Wallpaper Apps

Cyber-security company Check Point reported that two Iranian surveillance operations are using malware hidden in wallpaper, game, and food apps to target over 1000 dissidents in Iran and other countries.

The two groups were identified as Domestic Kitten or APT-5 and Infy or Prince Of Persia.

Check Point said Domestic Kitten or APT-5 relied on deceptive methods to compromise its targets.

Its methods included repackaging an existing game application in the Google Play Store, pretending to be a restaurant in Tehran, offering a fake mobile-security application, providing a compromised application that publishes articles from local media, offering infected wallpaper containing pro-Daesh imagery, and mimicking a legitimate Android application store to download other software.

Domestic Kitten has reportedly infected 600 targets from seven different countries so far.

Domestic Kitten used infected software, dubbed Furball, which can record calls and other sounds, track locations, collect device data, collect SMS and call logs, extract videos and photos, obtain a list of other installed applications, and extract external storage data from its victims.

Infy has reportedly targeted dissidents from 12 countries by phishing them or tricking them into opening malicious email attachments.

Check Point said that in one case Infy used an email that apparently offered loans to disabled veterans but contained spyware.

Yaniv Balmas, head of cyber research at Check Point, explained that Infy is the longest-running advanced persistent threat and has been in operation since 2007.

Check Point said that some of those working in both operations are regular hackers hired by governments, while others are government agents themselves.

© Fourth Estate® — All Rights Reserved.