Cybersecurity experts have uncovered new Android spyware called DCHSpy, linked to Iranian state actors, used to target dissidents and activists. The malware impersonates VPNs and Starlink to gather extensive user data, with ongoing development amid regional tensions. #MuddyWater #DCHSpy
Keypoints
- DCHSpy is a modular Android spyware linked to Iranian government-backed groups like MuddyWater.
- The malware masquerades as VPN apps and Starlink-related files to deceive targets.
- It collects a wide range of personal data, including WhatsApp information, call logs, and files.
- The malware is being used against dissidents, activists, and journalists in the Middle East.
- Similar tactics are observed with other malware such as SandStrike and SpyNote.
Read More: https://thehackernews.com/2025/07/iran-linked-dchspy-android-malware.html