Jihadist wallpaper app used to hack Iranians’ phones, says Israeli security firm
Check Point says recent malware attack, likely by regime, lured minorities and possible IS supporters into downloading spy apps, then stole their data
A recent cyber-espionage operation in Iran has targeted minorities in the country with spyware that hijacks their phones and provides the attacker with a wealth of information on their activities, an Israel cybersecurity firm said Wednesday.
According to the Check Point company, the hackers broke into the devices of at least 240 people, including members of Iran’s Turkish and Kurdish minorities, as well as suspected Islamic State supporters.
“While the exact identity of the actor behind the attack remains unconfirmed, current observations of those targeted, the nature of the apps and the attack infrastructure involved leads us to believe this operation is of Iranian origin,” Check Point said.
Victims were sent links that lured them into downloading apps that could be of interest to them: in the case of IS backers, an app that sets wallpaper of the group; for Kurds, software posing as the official app of the ANF Kurdish news agency.
When downloaded, the malware begins to collect data “including contact lists stored on the victim’s mobile device, phone call records, SMS messages, browser history and bookmarks, geo-location of the victim, photos, surrounding voice recordings and more,” said Check Point.
In August the New York Times reported that Israeli phone-hacking technology was used by the government of the United Arab Emirates to spy on political and regional rivals as well as members of the media.
Two lawsuits against the Herzliya-based NSO Group allege that the company and and its affiliates provided UAE leaders with software that hacked victims’ phones. They also claim NSO actively engaged in illegal activities for its UAE clients.