Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens

The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
"Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.
APT-C-50 has primarily singled out "Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more," according to Check Point.
Irrespective of the method employed, the apps act as a conduit to deliver a piece of malware that the Israeli cybersecurity company codenamed Furball, a customized version of KidLogger that comes with capabilities to gather and exfiltrate personal data from the devices.
Despite this handicap, the Furball malware, in its present form, can retrieve commands from a remote server that allow it to gather contacts, files from external storage, a list of installed apps, basic system metadata, and synced user accounts.
"The Domestic Kitten campaign is still active, using copycat websites to target Iranian citizens," Stefanko said.
News URL
https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html