EXECUTIVE SUMMARY:

Check Point researchers have revealed an extensive and targeted attack that has been taking place since 2016, which they believe to be of Iranian origin. Using mobile applications, cyberattackers deployed spoofed content designed to entice victims to download applications loaded with spyware, to collect sensitive information about them.

The targeted victims included Kurdish and Turkish natives and ISIS supporters. The researchers noted, “Most interesting of all, though, is that all these targets are actually Iranian citizens.”

The decoy content included wallpaper and news apps. As Newsweek reports, the wallpaper app offered jihadi-themed images, and the news application was a spoofed, mirrored version of a legitimate Kurdish media source, ANF News Agency. In their report, the researchers say they named this operation ‘Domestic Kitten’ in line with the naming of other Iranian APT attacks.

When targets were tricked into downloading one of the malicious apps, attackers were able to gain full access to text messages, phone call records, contact lists, browser history and bookmarks, external storage, application lists, clipboard content, geo-location, camera photos, and surrounding voice recordings.

Attackers assigned each of the estimated 240 users that fell victim a unique log that they could refer to at any time. The researchers pointed out that because contact lists were among the stolen information, many more people than the 240 who downloaded the apps may have been affected.

From their investigations, the researchers learned that Iran frequently conducts surveillance of this kind on groups that it believes “could pose a threat to stability of the Iranian regime.”

Get the full story at Check Point Research.