Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
DCHSpy is an Android surveillanceware family that Lookout customers have been protected from since 2024. It is likely developed and maintained by MuddyWater, a cyber espionage group believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). This group targets diverse government and private entities in various sectors, such as telecommunications, local government, defense, and oil and natural gas, across the Middle East, Asia, Africa, Europe, and North America.
In light of the recent conflict in Iran, it appears that new versions of DCHSpy are being deployed against adversaries. DCHSpy uses political lures and disguises itself as legitimate apps such as VPNs or banking applications. This modular malware collects the following data:
- Accounts logged into on the device
- Contacts
- SMS messages
- Files stored on the device
- Location data
- Call logs
- Audio by taking control of the microphone
- Photos by taking control of the camera
- WhatsApp data
To read the complete article see:
Lookout Article