Iranian state-sponsored advanced persistent threat operation MuddyWater, also known as Static Kitten, SeedWorm, and TEMP.Zagros, has launched attacks involving four new variants of its DCHSpy Android spyware amid Iran's ongoing conflict with Israel, reports Security Affairs.Fake VPN apps Earth VPN and Comodo VPN have been leveraged to spread the updated iterations of DCHSpy, which have gained WhatsApp data exfiltration and file scanning capabilities in addition to the spyware's surveillance, camera and microphone hijacking, and data encryption functionalities, according to a Lookout analysis. Researchers also discovered DCHSpy to share infrastructure and techniques with the SandStrike payload deployed via Telegram and other messaging apps. "These most recent samples of DCHSpy indicate continued development and usage of the surveillanceware as the situation in the Middle East evolves, especially as Iran cracks down on its citizens following the ceasefire with Israel," said Lookout, who noted nation-states' growing use of spyware against their adversaries.
Malware, Threat Intelligence
Updated DCHSpy spyware variants spread in MuddyWater attacks

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



