Lookout researchers have identified that Iran-linked APT MuddyWater is deploying a new version of the DCHSpy Android spyware amid regional conflicts, targeting multiple sectors worldwide. This surveillance malware steals data via malicious apps distributed through Telegram and uses advanced evasion techniques. #MuddyWater #DCHSpy
Key points
- MuddyWater, an Iranian APT, has been active since 2017 targeting Middle Eastern and global organizations.
- The group primarily targets telecommunications, government, and energy sectors across multiple continents.
- The newly identified DCHSpy Android spyware steals contacts, messages, and multimedia data and gives the operators remote control of the infected device.
- Malicious apps like fake VPNs are used to deliver DCHSpy, often shared via Telegram with anti-regime themes.
- Recent activity indicates ongoing development of surveillance tools, especially in response to the Israel-Iran conflict and regional tensions.