‘Domestic Kitten’ mobile spyware targets Iran

The new mobile spyware is spreading via fake Android apps. The Iranian government might be behind the ‘Domestic Kitten’ mobile spyware campaign against Iranian citizens. The operation's name follows the common APT naming convention for Iranian groups. The campaign mainly targets ISIS supporters and members of the Kurdish ethnic group residing within Iran — two groups that Tehran regards as hostile to its interests.

The Iranian government uses carefully crafted fake Android apps to attract victims of interest. These apps include an ISIS-branded wallpaper app, a news updates app purporting to be from the legitimate ANF Kurdistan news agency, and a fake version of the Vidogram messaging app.
So far, about 240 users have been infected with the surveillance software, and there are also a handful of victims from Afghanistan, Iraq and Great Britain.

To protect yourself from cyber threats, we recommend installing an antivirus for Android, an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Malware Analysis
When an infected app is downloaded and the malware is installed, the contact lists stored on the victim’s mobile device, phone call records, SMS messages, browser history and bookmarks, geo-location of the victim, external storage, photos, surrounding voice recordings and more are sent to the government hackers via an AES-encrypted Zip archive file.
All of the applications are using the same certificate, issued back in 2016, and are affiliated with the same email address ([email protected]). They also all use a misspelled package name (andriod.browser).
Researchers believe that Iranian government entities, such as the Islamic Revolutionary Guard Corps (IRGC), Ministry of Intelligence, Ministry of Interior or others, are behind the espionage.
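The shared signing certificate and the misspelled package name give defenders two pivots for triaging a device fleet. The following is an added example, not code from the researchers or from this article: it flags package names with a segment one edit away from "android" and then pulls in every other app signed by the same certificate. The inventory layout, the function names, the signer labels and all sample rows except the package name andriod.browser are assumptions constructed for illustration.

```python
from collections import defaultdict

KNOWN_GOOD = {"android", "androidx"}  # legitimate segments that must not be flagged

def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent characters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def is_lookalike(package, target="android"):
    """True if any dot-separated segment is exactly one edit away from `target`."""
    segments = (s.lower() for s in package.split("."))
    return any(s not in KNOWN_GOOD and osa_distance(s, target) == 1 for s in segments)

def triage(inventory):
    """inventory: iterable of (device, package, signer_fingerprint) rows,
    e.g. exported from an MDM (assumed format).
    Returns {signer: sorted [(device, package), ...]} for each signer that
    signed at least one lookalike package, including its other apps."""
    by_signer = defaultdict(set)
    flagged = set()
    for device, package, signer in inventory:
        by_signer[signer].add((device, package))
        if is_lookalike(package):
            flagged.add(signer)
    return {s: sorted(by_signer[s]) for s in flagged}

# Constructed sample inventory; signer values are placeholders, not real fingerprints.
SAMPLE = [
    ("phone-01", "com.android.chrome", "SIGNER-A"),
    ("phone-02", "andriod.browser", "SIGNER-B"),
    ("phone-02", "com.example.wallpaper", "SIGNER-B"),
    ("phone-03", "com.example.news", "SIGNER-C"),
]

if __name__ == "__main__":
    for signer, apps in triage(SAMPLE).items():
        print(signer, apps)
```

The second app under SIGNER-B has an unremarkable package name and is surfaced only through the shared certificate, which is why the signer pivot matters once one sample is known.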

Although the exact identity of the actor behind the attack remains unconfirmed, according to researchers' discussions with intelligence experts familiar with the political discourse in this part of the world, the government frequently conducts extensive surveillance of these groups.
We will continue to monitor this cyber threat. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Android, an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.