"Hacking Group Updates FurBall Android Spyware to Evade Detection"

The Domestic Kitten hacking group, also known as APT-C-50, has a new version of the 'FurBall' Android spyware targeting Iranian citizens in mobile surveillance campaigns. The spyware has been used in a massive surveillance operation since at least 2016. Multiple cybersecurity firms have reported on Domestic Kitten, which they believe is an Iran-sponsored hacking group. ESET researchers sampled and analyzed the latest FurBall malware version, which has many similarities with previous versions but now includes obfuscation and command-and-control (C2) updates. This discovery also confirms that Domestic Kitten's operation is still ongoing in its sixth year, backing the theory that the operators are linked to the Iranian regime and are enjoying immunity from law enforcement.

The new version of FurBall is distributed through fake but legitimate-looking websites. Victims are led to these fake websites through direct messages, social media posts, emails, SMS, black SEO, and SEO poisoning. In one case, ESET discovered malware hosted on a fake website impersonating a popular English-to-Persian translation service. The fake version has a Google Play button that supposedly allows users to download an Android version of the translator, but instead of landing on the app store, they are sent an APK file named 'sarayemaghale.apk'.

The spyware is capable of stealing clipboard contents, device location, SMS messages, the contact list, call logs, the content of notifications, and lists of installed and running apps, as well as recording calls, and more, depending on the permissions defined in the Android app's AndroidManifest.xml file. ESET says that the sample it examined has limited functionality, requesting only access to contacts and storage media. These permissions remain powerful if abused and will not raise suspicions among the targets, which is likely why the hacking group limited FurBall's potential. This article continues to discuss Domestic Kitten's new version of the FurBall Android spyware.

Bleeping Computer reports "Hacking Group Updates FurBall Android Spyware to Evade Detection"
