Sunday, July 14, 2024

Domestic Kitten – Extensive Surveillance Operation Against Iranian citizens

Researchers have studied and analyzed the workings of the hacking group Domestic Kitten. Domestic Kitten also goes by the name APT-50 and has been accused of deceiving people into installing spyware on their mobile devices and PCs.

The attacks targeted residents of 12 countries, including the UK and the USA. The installed spyware was used to steal call recordings and media files from the victims’ devices.

Domestic Kitten was tricking people into downloading its spyware by:

  1. repackaging an existing version of an authentic video game found on the Google Play store
  2. mimicking an app for a restaurant in Tehran
  3. providing a compromised app that publishes articles from a local news agency
  4. offering a fake mobile-security app
  5. supplying an infected wallpaper app containing pro-Islamic State imagery
  6. masquerading as an Android application store to download further software

[Image: FurBall repackaged under an ‘Exotic Flowers’ cover, and under an ISIS-supporter cover]

It is believed that Domestic Kitten has been running this campaign for at least the past 4 years and that no fewer than 1200 individuals have been targeted and attacked.

Campaign   Start   End
hass       44136   Currently active
or         43952   43983
mat        43800   44013
hj         43586   43922
oth        43252   Currently active
hr         43009   43040
maj        43009   43617
mmh        42917   Currently active
msd        42887   Currently active
grt        42887   43709

Domestic Kitten campaign list (start and end values are reproduced as extracted; they appear to be spreadsheet serial day numbers rather than calendar dates)

The APT uses a piece of mobile malware called FurBall. FurBall is distributed through a variety of channels, including phishing, Telegram channels, SMS messages containing a link to the malware, and Iranian websites.

Once FurBall is installed on the targeted device, it intercepts SMS messages, grabs call logs, gathers device information, records communications, steals and stores media and files, and monitors the device’s GPS coordinates, among other activities.
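The two signals a defender can act on from the description above are (a) an app whose package name matches a legitimate app but is signed by a different key, which is what repackaging a Play Store game looks like, and (b) a permission set that together covers SMS interception, call-log collection, audio recording, GPS tracking and file access. The script below is an added example, not code from the article or from the researchers who analysed FurBall; it assumes the manifest data has already been pulled out of each APK (for instance with aapt or androguard) into the simple record form shown, and every signer fingerprint and sample app in it is constructed for illustration.

```python
"""Triage of extracted Android app metadata for repackaging and spyware-style
permission sets. Added example; not the article's or the researchers' code.
All fingerprints, package names and sample records below are constructed."""
from dataclasses import dataclass

# Permissions that together enable the capabilities the article attributes to
# FurBall. Any one of them is common in benign apps; the combination is the signal.
SURVEILLANCE_PERMS = {
    "android.permission.READ_SMS": "SMS interception",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.READ_CALL_LOG": "call-log collection",
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.ACCESS_FINE_LOCATION": "GPS tracking",
    "android.permission.READ_EXTERNAL_STORAGE": "media/file theft",
    "android.permission.READ_CONTACTS": "contact harvesting",
}

# Constructed allow-list: package name -> SHA-256 of the legitimate signing cert
# (hypothetical hex values standing in for a real developer-certificate pin).
KNOWN_SIGNERS = {
    "com.example.flowergame": "aa" * 32,
    "com.example.tehranrestaurant": "bb" * 32,
}


@dataclass
class AppRecord:
    package: str
    signer_sha256: str
    permissions: frozenset
    source: str  # where the APK came from: "play", "sms-link", "telegram", ...


@dataclass
class Verdict:
    package: str
    repackaged: bool      # known package name, unexpected signing key
    sideloaded: bool      # delivered outside the official store
    capabilities: list    # distinct surveillance capabilities implied by permissions
    score: int


def triage(app: AppRecord) -> Verdict:
    """Score one app record; higher means more consistent with FurBall-style spyware."""
    # De-duplicate by capability so READ_SMS + RECEIVE_SMS count once.
    capabilities = sorted({SURVEILLANCE_PERMS[p] for p in app.permissions if p in SURVEILLANCE_PERMS})
    expected = KNOWN_SIGNERS.get(app.package)
    repackaged = expected is not None and expected.lower() != app.signer_sha256.lower()
    sideloaded = app.source != "play"
    score = len(capabilities) + (3 if repackaged else 0) + (1 if sideloaded else 0)
    return Verdict(app.package, repackaged, sideloaded, capabilities, score)


def is_suspicious(v: Verdict) -> bool:
    """A signing-key mismatch is decisive on its own; otherwise require a broad capability set."""
    return v.repackaged or v.score >= 4


# Constructed sample inventory, e.g. from a mobile-device-management export.
SAMPLE_APPS = [
    AppRecord("com.example.flowergame", "aa" * 32,
              frozenset({"android.permission.INTERNET", "android.permission.VIBRATE"}), "play"),
    AppRecord("com.example.flowergame", "cc" * 32,  # same package, different signer
              frozenset({"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                         "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
                         "android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.READ_EXTERNAL_STORAGE"}), "sms-link"),
    AppRecord("com.example.fakesecurity", "dd" * 32,
              frozenset({"android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
                         "android.permission.RECORD_AUDIO", "android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.READ_CONTACTS"}), "telegram"),
    AppRecord("com.example.messenger", "ee" * 32,  # legitimate SMS client: narrow permission set
              frozenset({"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                         "android.permission.READ_CONTACTS"}), "play"),
]


def triage_all(apps):
    """Return only the records worth an analyst's attention, most suspicious first."""
    verdicts = [triage(a) for a in apps]
    return sorted((v for v in verdicts if is_suspicious(v)), key=lambda v: -v.score)


if __name__ == "__main__":
    for v in triage_all(SAMPLE_APPS):
        flags = ["repackaged"] if v.repackaged else []
        flags += ["sideloaded"] if v.sideloaded else []
        print(f"{v.package}: score={v.score} {flags} capabilities={v.capabilities}")
```

The signer pin is what makes the repackaging case cheap to catch: a game that is genuinely from the Play Store carries the developer's certificate, and a copy rebuilt with a spyware payload cannot, so a mismatch on a known package name is flagged regardless of permissions. The capability count is deliberately computed over distinct capabilities rather than raw permission names so that a legitimate SMS client, which needs both READ_SMS and RECEIVE_SMS, does not score as highly as an app that also records audio and reads location.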

Once the device has been compromised, the collected data is collated and sent to command-and-control (C2) servers that Domestic Kitten has been using since 2018.

Linked IP addresses were traced back to the Iranian cities of Tehran and Karaj. Another group, which goes by the name Infy, has also been identified. This group targets users’ PCs rather than their mobile devices, is believed to be state-sponsored, and has been in existence since 2007.

Guru baran (https://gbhackers.com)

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
