Security News > 2021 > August > Iran-Linked Hackers Expand Arsenal With New Android Backdoor
The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM's X-Force threat intelligence team.
Last year, the group accidentally exposed approximately 40 GB of videos and other content associated with its operations, including training videos on how to exfiltrate data from online accounts, and clips detailing the successful compromise of certain targets.
Dubbed LittleLooter, the recently discovered Android backdoor appears to be exclusive to Charming Kitten, providing the threat actor with extensive information-stealing capabilities, including video and live screen recording, number calling, file upload/download, voice call recording, GPS data gathering, device information harvesting, browser history harvesting, connectivity manipulation, contact information stealing, picture snapping, and retrieving SMS and call list details.
The observed activity, IBM says, aligns with the group's "Long-standing operations against Iranian citizens of interest." As part of the activity, the hackers "Exfiltrated roughly 120 gigabytes of information from approximately 20 individuals aligned with the Reformist movement in Iran," using legitimate utilities associated with the hacked accounts.
The stolen information includes photos, contact lists, conversations, and group memberships.
The security researchers point out that the group often goes beyond just sending phishing messages to its victims, attempting to chat, call, and even video conference with the victims, which suggests hands-on work from numerous operators.