Security News > 2022 > October > Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
"Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.
APT-C-50 has primarily singled out "Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more," according to Check Point.
Irrespective of the method employed, the apps act as a conduit to deliver a piece of malware codenamed by the Israeli cybersecurity company named Furball, a customized version of KidLogger which comes with capabilities to gather and exfiltrate personal data from the devices.
Despite this handicap, the Furball malware, in its present form, can retrieve commands from a remote server that allows it to gather contacts, files from external storage, a list of installed apps, basic system metadata, and synced user accounts.
"The Domestic Kitten campaign is still active, using copycat websites to target Iranian citizens," Stefanko said.
News URL
https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html
Related news
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (source)
- U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- PixPirate Android malware uses new tactic to hide on phones (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)