"New Iranian Hacking Group APT42 Deploys Custom Android Spyware"

APT42 is a new Iranian state-sponsored hacking group discovered using custom Android malware to spy on targets. Sufficient evidence has been gathered to conclude that APT42 is a state-sponsored threat actor that conducts cyberespionage against individuals and organizations of particular interest to the Iranian government. The first signs of APT42's activity date back seven years and involve spear-phishing campaigns that targeted government officials, policymakers, journalists, academics, and Iranian dissidents. The hackers' goal appears to be to steal account credentials, but in many cases they also deploy a custom Android malware strain capable of tracking victims, accessing device storage, and stealing communication data. According to Mandiant, which discovered the new hacking group's activities, APT42 has conducted at least 30 operations in 14 countries since 2015. However, these are most likely only a small portion of its operations, the ones that became public due to operational security mistakes that enabled tracking. The group switched targets several times to match changing intelligence-collection interests. In 2020, APT42 targeted foreign pharmaceuticals with phishing emails impersonating an Oxford University vaccinologist. In 2021, APT42 targeted victims with fake interview requests using compromised email addresses from US media organizations, engaging with them for 37 days before striking with a credential harvesting page. More recently, in February 2022, the hackers impersonated a British news agency to target political science professors in Belgium and the United Arab Emirates. This article continues to discuss the findings regarding APT42's campaigns and targets, as well as its use of custom Android malware.

Bleeping Computer reports "New Iranian Hacking Group APT42 Deploys Custom Android Spyware"
