Four new Android spyware samples linked to Iran's intel agency

Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) surfaced shortly after the Iran-Israel conflict began. The spyware collects WhatsApp data, records audio and video, and hunts for files by name.

Lookout security researchers spotted the four new DCHSpy malware samples, disguised as VPN apps called Earth VPN and Comodo VPN, beginning on June 23, about a week after Israel first launched missiles at Iran’s nuclear facilities.

Two of them were uploaded to VirusTotal, one with “Starlink,” SpaceX’s global internet player, in the file name, Lookout security intel researcher Alemdar Islamoglu told The Register.

Finding “Starlink” in one of the Earth VPN samples (SHA-1: 9dec46d71289710cd09582d84017718e0547f438) is important because it indicates that the malware slingers may be using Starlink lures to entice victims into downloading DCHSpy. Elon Musk reportedly turned on Starlink for Iranians after Tehran turned off internet services shortly after the airstrike.

This post is licensed under CC BY 4.0 by the author.