Malware that monitors the phones of Iranian users has been one of the hot topics on social networks over the last few days. What is the story? Stay tuned.

According to security experts and researchers, a hacker group has attempted to monitor the phones of Iranian users. This group has targeted Iranians before.

Monitoring the phone of Iranian users by FurBall malware

A group of researchers at ESET identified a new version of the FurBall Android malware. According to these researchers, a hacker group named APT-C-50 has used this malware in a campaign called Domestic Kitten to monitor the phones of Iranian users. This campaign had already been noticed for monitoring the phones of Iranian users, and the new version of FurBall appears to be focused on the same goal.

According to the news agency WeLiveSecurity, the FurBall malware has been monitoring the phones of Iranian users since June 1400. The malware has been distributed in the form of a translation application through a copied version of one of the Iranian websites. The head office of the original website behind this application is located on Tehran’s Elkhebal Street, and it offers “translated articles, magazines and books” to its users.

The discovery of malware that monitors the phones of Iranian users!

Researchers uploaded the application containing the FurBall malware to the VirusTotal website, and in this way were able to analyze the application and identify the malware. WeLiveSecurity says this malware is designed to monitor users’ phones, but that its designers have acted in a way that makes it difficult to detect.

What does FurBall want from you?

At first, this malware seems to ask only for simple permissions, such as access to your phone numbers. It seems, however, that this simple access permission was chosen only so that the malware would not be detected. According to researchers, it is possible that this feature of the new version of FurBall is the first step of a wider attack through SMS.

According to the researchers, the malware developer may increase the number of permissions requested from you; in that case, it can also extract other data from your phone, such as:

Clipboard text, SMS text, device location, contact list, recorded voice calls, text of all notifications from other applications, user accounts on the device, list of all files on the device, running applications, list of installed applications and phone information.

With these permissions expanded further, the application containing the malware can receive commands to take photos and record videos, and upload them directly to its server.

According to the researchers, Iranian users have installed a version that can receive commands directly from the server, but currently this malware performs more ordinary tasks, such as extracting the contact list, accessing files in external storage, accessing the list of installed applications, and obtaining basic information about the phone and the list of user accounts on the device.

How does FurBall monitor the phone of Iranian users?

After being installed on the user’s phone, this malware communicates with its server every ten seconds and waits to receive commands. According to experts, apart from minor changes in the code, the new version of FurBall has not changed and is not much different from the previous version.
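A check-in every ten seconds is a usable detection signal in proxy or DNS logs. The following is an added example, not code from the original article or from the researchers it cites: it flags client/destination pairs that connect at a steady interval of about ten seconds. The log format, host names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev


def find_beacons(lines, interval=10.0, tolerance=2.0, max_jitter=1.0, min_events=6):
    """Return {(client, dest): median_gap_seconds} for pairs polling at a steady interval.

    Assumed line format (constructed for this example): "<ISO time> <client> <dest>".
    """
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, dest = line.split()
        seen[(client, dest)].append(datetime.fromisoformat(ts))
    hits = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Beacon: typical gap near the interval AND little spread between gaps.
        if abs(mid - interval) <= tolerance and pstdev(gaps) <= max_jitter:
            hits[pair] = mid
    return hits


def sample_log():
    """Constructed log: one steady poller and two ordinary traffic patterns."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    rows = []
    for i, skew in enumerate([0, 0.3, -0.2, 0.1, 0.4, -0.1, 0.2, 0, -0.3, 0.1]):
        rows.append((10 * i + skew, "10.0.0.23", "poll.example.invalid"))
    for off in [0, 2, 12, 37, 47, 48, 59, 89]:  # median gap 10 s, but bursty
        rows.append((off, "10.0.0.23", "news.example.org"))
    for off in [5, 300, 900]:  # too few events to judge
        rows.append((off, "10.0.0.40", "mail.example.org"))
    return [f"{(start + timedelta(seconds=s)).isoformat()} {c} {d}" for s, c, d in rows]


if __name__ == "__main__":
    for (client, dest), gap in find_beacons(sample_log()).items():
        print(f"{client} -> {dest}: steady check-in every ~{gap:.1f}s")
```

The bursty host has the same median gap as the poller and is excluded only by the jitter check, which is why the spread of the gaps matters as much as their typical size.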

If we look at the history of the APT-C-50 hacking group, we can see that this group has been monitoring the phones of Iranian users through the Domestic Kitten campaign since 2016.

In 2018, the Check Point Institute published an important report focusing on the Domestic Kitten campaign. A year later, the Trend Micro Institute identified similar malware targeting the Middle East in a campaign called Bouncing Golf.

At the time, the campaign was said to have ties to Domestic Kitten. Some time later in the same year, Qianxin claimed that the Domestic Kitten campaign was once again attacking Iranian users. In 2020 and 2021, there were also separate reports about the FurBall malware.

FurBall is an Android-specific malware that appears to have been used in the first attacks of the Domestic Kitten campaign and is based on the commercial KidLogger tool. The developers of FurBall are said to have been inspired by the open source version of KidLogger that was available seven years ago.

As for how FurBall gets onto users’ phones, it should be explained that this malware was distributed through a copied version of one of the Iranian websites.

More precisely, it is said that the Android version of the application is downloaded to the user’s smartphone after clicking the “Download Application” button. The Google Play logo can be seen on the download option, but after clicking on it, the user is not taken to Google Play.
