The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
“Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books,” ESET researcher Lukas Stefanko said in a report shared with The Hacker News.
The updates, while retaining the same surveillance functionality as earlier versions, are designed to evade detection by security solutions, the Slovak cybersecurity firm added.
Domestic Kitten, also called APT-C-50, is an Iranian threat activity cluster that has been previously identified as targeting individuals of interest with the goal of harvesting sensitive information from compromised mobile devices. It’s been known to be active since at least 2016.
A tactical analysis conducted by Trend Micro in 2019 revealed Domestic Kitten’s potential connections to another group called Bouncing Golf, a cyber espionage campaign targeting Middle Eastern countries.