Iran-linked APT MuddyWater is deploying a new version of the DCHSpy Android spyware, targeting adversaries with political lures amid the Israel-Iran conflict. The malware gathers extensive personal and device data, leveraging fake VPNs and banking apps to conduct espionage in the Middle East. #MuddyWater #DCHSpy
Key points
- MuddyWater is a known Iranian APT actively targeting the Middle East since 2017.
- The group is using new DCHSpy malware disguised as VPN or banking applications to target users.
- DCHSpy can harvest user data, take photos and recordings, and upload information to a C&C server.
- The malware is distributed via fake URLs on messaging platforms such as Telegram, using political themes as lures.
- Recent activity indicates ongoing development of surveillance malware amid Middle East conflicts and crackdowns.