Domestic Kitten Hackers Spying on Iranian Citizens with New Malware

Published: 24 October 2022


The Domestic Kitten hacker group has been conducting extensive surveillance operations against Iranian citizens that could pose a threat to the stability of the Iranian regime. (Photo: EFF-Graphics, Wikimedia, License)

By Inci Sayki

Domestic Kitten, a mass mobile surveillance operation, has been targeting Iranian citizens using a new spyware strain masquerading as a translation app, according to new research from the cybersecurity firm ESET.

The Domestic Kitten campaign has been spying on Iranians since 2016, specifically on those who could pose a threat to the stability of the regime, through the use of deceitful mobile applications loaded with malware. The latest threats detected are no different.

According to ESET experts, the latest threat is the newest version of an Android app named Furball, malware that the Domestic Kitten hacking group has deployed since its operation began six years ago.

This new strain of Furball has been distributed as a translation app since June 2021 through a clone website that visually mimics a legitimate English-to-Persian translation service popular in the country.

The latest version of Furball was sampled and analyzed by ESET researchers, who found the app’s surveillance functionality remains the same as previous versions, yet the main purpose of the update “appears to be to avoid detection by security software.”

In the same sample analyzed by ESET, the only intrusive request the Android app made was to access contacts. Experts said this could either mean the hackers are trying to lie low so as not to attract the suspicion of potential victims during the installation process, or that this update may just be a preceding phase of a text message phishing attack to come.

Although Furball has limited spying capabilities right now, ESET researchers warned that if it expands its permission requests over time, this could allow the app to take control of the attacked phone and extract more sensitive data from it, such as text messages, device location, recorded phone calls, and more.

According to a 2021 study by cyber intelligence researcher Check Point, the Domestic Kitten Group is continuing to spy on Iranians who “could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more.”

The cyber threat analysis comes amid the ongoing series of civil unrest and violent crackdowns in Iran, sparked by the death of a 22-year-old woman named Mahsa Amini who died on September 13, days after she was detained by the country’s morality police for allegedly not complying with the country’s hijab law.

The demonstrations are seen as the most serious challenge to the Iranian authorities in decades.