Iran-linked DCHSPY Android malware masquerades as VPN apps to spy on dissidents


July 21, 2025Ravi LakshmananSpyware/Mobile Security

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with Iran’s Ministry of Information Security (MOI) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service provided by SpaceX.

Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool that it tracks as DCHSPY a week after the Israel-Iran conflict last month. The number of people who have installed these apps is not clear.

“DCHSPY can collect WhatsApp data, accounts, contacts, SMS, files, locations, call logs, and record audio and take photos,” said security researchers Alemdar Islamoglu and Justin Albrecht.

DCHSPY, first detected in July 2024, is assessed to be the handiwork of MuddyWater, an Iranian nation-state group associated with MOI. The hacking crew is also known as Boggy Serpens, Cobalt Ulster, Earth Vetala, ITG17, Mango Sandstorm (formerly Mercury), Seedworm, Static Kitten, TA450, and Yellow Nix.

Early iterations of DCHSPY have been identified targeting English and Farsi speakers through Telegram channels, using themes that run counter to the Iranian regime. Given the use of VPN lures to promote the malware, it is possible that dissidents, activists and journalists are targets of the activity.

The newly identified DCHSPY variant is suspected to have been deployed against adversaries in the wake of the recent conflict in the region, passed off as seemingly useful services like Earth VPN (“com.earth.earth_vpn”), Comodo VPN (“com.comodoapp.comodovpn”), and Hide VPN (“com.hv.hide_vpn”).

Interestingly, one of the Earth VPN app samples was found to be distributed in the form of an APK file using the name “Starlink_vpn(1.3.0)-3012(1).apk”.

It is worth noting that Starlink’s satellite internet service was activated in Iran last month amid a government-imposed internet blackout. But a few weeks later, the country’s parliament voted to ban its use over fraudulent operations.

A modular trojan, DCHSPY is equipped to collect a wide range of data, including accounts signed in to the device, contacts, SMS messages, call logs, files, locations, ambient audio, photos, WhatsApp information, and more.

DCHSPY also shares infrastructure with another Android malware known as SandStrike, which was flagged by Kaspersky in November 2022 as targeting Persian-speaking individuals by posing as a seemingly harmless VPN application.

The discovery of DCHSPY is the latest instance of Android spyware used to target individuals and groups in the Middle East. Other documented malware strains include AridSpy, BouldSpy, GuardZoo, RatMilad, and SpyNote.

“DCHSPY uses similar tactics and infrastructure to SandStrike,” Lookout says. “It is distributed to target groups and individuals by leveraging malicious URLs that are shared directly through messaging apps such as Telegram.”

“These recent samples of DCHSPY show the continued development and use of surveillanceware, particularly as the Middle East situation evolves, especially as Iran cracks down on its citizens following the ceasefire with Israel.”
