Security News > 2023 > May > BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups
A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups.
"The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol," Lookout said, based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA. BouldSpy, like other Android malware families, abuses its access to Android's accessibility services and other intrusive permissions to harvest sensitive data such as web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings.
It's worth pointing out that BouldSpy refers to the same Android malware that Cyble codenamed DAAM in its own analysis last month.
Evidence gathered so far points to BouldSpy being installed on targets' devices via physical access, potentially confiscated after detention.
"Once installed, the spyware will seek to establish a network connection to its C2 server and exfiltrate any cached data from the victim's device to the server," Lookout researchers said.
"BouldSpy represents yet another surveillance tool taking advantage of the personal nature of mobile devices."
News URL
https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html
Related news
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)