Security News > 2022 > October > Hacking group updates Furball Android spyware to evade detection
A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50.
The newest FurBall malware version was sampled and analyzed by ESET researchers, who report it has many similarities with earlier versions, but now comes with obfuscation and C2 updates.
The new version of FurBall is distributed via fake websites that are visually clones of real ones, where victims end up after direct messages, social media posts, emails, SMS, black SEO, and SEO poisoning.
In the fake version, there's a Google Play button that supposedly lets users download an Android version of the translator, but instead of landing on the app store, they are sent an APK file named 'sarayemaghale.
These permissions are still powerful if abused, and at the same time, won't raise suspicions to the targets, which is likely why the hacking group restricted FurBall's potential.
Previous versions of Furball didn't feature any obfuscation at all.