Mobile spyware has been found in the wild that primarily targets Iranian citizens, with some evidence that the Iranian government might be involved. The operation was dubbed Domestic Kitten by the Check Point researchers who discovered it, since ‘Kitten’ follows the common APT nomenclature for Iranian groups.
Who Are The Main Victims Of The Campaign?
The campaign appears to have mainly targeted ISIS supporters and members of the Kurdish ethnic group residing within Iran. To attract the victims of interest, the threat actor has used a watering-hole approach built around a carefully developed fake Android application, which is loaded with spyware to collect sensitive information about its users. You can read Check Point’s research brief regarding Domestic Kitten here.
How Many Users Were Affected?
More than 240 users have fallen victim to this spyware, according to the data from the spyware. While the number of direct victims is limited, there are many indirect victims of this operation, because the spyware extracts the full contact list from each victim’s mobile device.
Once the malware is downloaded and installed on the mobile device, it picks up the victim’s contact list, records phone calls, and collects SMS messages, browser history and the data in external storage.
All of the collected data is packed into an AES-encrypted ZIP archive and sent to the command and control centre in an HTTP POST request.
Who Is Thought To Be Behind The Campaign?
The Check Point researchers have stated their belief that the Iranian Government is behind this malware. They state: