Iranian state-sponsored threat group Domestic Kitten, also known as APT-C-50, has deployed the updated FurBall Android spyware in mobile surveillance campaigns targeted at Iranian citizens, BleepingComputer reports.
Despite having many similarities with prior versions, the new FurBall malware includes obfuscation and command-and-control updates, according to an ESET report.
Domestic Kitten has used fraudulent sites impersonating legitimate ones to spread the updated spyware, which can steal device location, SMS messages, clipboard contents, contact lists, call logs, notification contents, device info, and lists of installed and running apps. While the malware sample obtained by ESET required only contacts and storage media access, it could directly retrieve executable commands from its C2 server.
The report also showed that FurBall's new obfuscation layer covers class names, logs, strings, and server URI paths. This obfuscation layer has left the updated spyware detectable by only four antivirus engines on VirusTotal, compared with 28 AV engines that identified the older version.
Updated Furball Android spyware leveraged in new attacks