"Iranian Govt Uses BouldSpy Android Malware for Internal Surveillance Operations"
Lookout Threat Lab researchers discovered BouldSpy, a new Android surveillance malware used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Although the BouldSpy spyware includes ransomware capabilities, Lookout researchers have not yet observed the malware using them, suggesting that it is still in development or that the ransomware component is a false flag planted by its operators. Exfiltrated data from the spyware's command-and-control (C2) servers revealed that BouldSpy was used to spy on over 300 people, including members of minority groups such as Iranian Kurds, Baluchis, Azeris, and potentially Armenian Christian groups. The malware was most likely also used to counter and track illegal trade in weaponry, drugs, and alcohol. According to Lookout, FARAJA uses physical access to devices, likely obtained during detention, to install BouldSpy and then continues to monitor the target after release. Researchers obtained and evaluated a large amount of exfiltrated data, which includes images and device communications such as screenshots of chats, video call recordings, and SMS records. The researchers also found photos of drugs, firearms, and official FARAJA documents, indicating that the spyware is likely operated by law enforcement. However, much of the victim data points to broader use, suggesting targeted surveillance efforts against Iranian minorities. This article continues to discuss Iranian authorities using the BouldSpy Android malware to spy on minorities and traffickers.