A new version of the Android surveillanceware DCHSpy has emerged, linked to Iran’s MuddyWater threat group, targeting high-value geopolitical entities worldwide. The malware now includes enhanced capabilities such as data harvesting, device control, and exfiltration, often disguised as legitimate VPN services.
Key points
- DCHSpy is a sophisticated Android spyware linked to Iran’s MuddyWater group.
- Recent updates add features to control the device's microphone and camera and to exfiltrate sensitive data.
- The malware is distributed through fake VPN apps with Starlink-themed lures on Telegram.
- Shared infrastructure connects DCHSpy with other Iranian surveillance tools like SandStrike.
- Iranian threat actors continue developing and deploying mobile surveillanceware across multiple campaigns.