Updated FurBall Android spyware leveraged in new attacks

Iranian state-sponsored threat group Domestic Kitten, also known as APT-C-50, has deployed the updated FurBall Android spyware in mobile surveillance campaigns targeting Iranian citizens, BleepingComputer reports. Despite having many similarities with prior versions, the new FurBall malware includes obfuscation and command-and-control updates, according to an ESET report. Domestic Kitten has used fraudulent sites impersonating legitimate ones to spread the updated spyware, which has the capability to steal device location, SMS messages, clipboard contents, contact list, call logs, notification contents, device info, and installed and running apps. While the malware sample obtained by ESET only required contacts and storage media access, it could directly retrieve executable commands from its C2 server. The report also showed that FurBall's new obfuscation layer covers class names, logs, strings, and server URI paths. With this obfuscation layer, the updated spyware is detected by only four antivirus engines on VirusTotal, compared with 28 AV engines identifying the older version.
