Malware, Threat Intelligence

Updated DCHSpy spyware variants spread in MuddyWater attacks

Spyware and ransomware concept with digital glitch effect, spooky hooded hacker with magnifying glass stealing online identity nad hacking personal web accounts.

Iranian state-sponsored advanced persistent threat operation MuddyWater, also known as Static Kitten, SeedWorm, and TEMP.Zagros, has launched attacks involving four new variants of its DCHSpy Android spyware amid Iran's ongoing conflict with Israel, reports Security Affairs.

Fake VPN apps Earth VPN and Comodo VPN have been leveraged to spread the updated iterations of DCHSpy, which have gained WhatsApp data exfiltration and file scanning capabilities in addition to the spyware's surveillance, camera and microphone hijacking, and data encryption functionalities, according to a Lookout analysis. Researchers also discovered DCHSpy to share infrastructure and techniques with the SandStrike payload deployed via Telegram and other messaging apps. "These most recent samples of DCHSpy indicate continued development and usage of the surveillanceware as the situation in the Middle East evolves, especially as Iran cracks down on its citizens following the ceasefire with Israel," said Lookout, who noted nation-states' growing use of spyware against their adversaries.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds