Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
The Iranian threat actor known as Domestic Kitten has been linked to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
"Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.
APT-C-50 has primarily singled out "Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more," according to Check Point.
Irrespective of the method employed, the apps act as a conduit to deliver a piece of malware that the Israeli cybersecurity company codenamed Furball, a customized version of KidLogger that comes with capabilities to gather and exfiltrate personal data from the devices.
Despite this handicap, the Furball malware, in its present form, can retrieve commands from a remote server that allow it to gather contacts, files from external storage, a list of installed apps, basic system metadata, and synced user accounts.
"The Domestic Kitten campaign is still active, using copycat websites to target Iranian citizens," Stefanko said.
News URL
https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html