Suspected government-backed hackers from Iran have used an array of techniques, from password theft to uploading a fake app to a prominent app marketplace, to try gathering intelligence from targets over the past year, Google said in a bulletin published Thursday.
The espionage group APT35, also known as Charming Kitten, last year successfully uploaded to Google’s Play Store an app that masqueraded as a virtual private network service, claiming the tool would safeguard user data. In fact, the apparent VPN program functioned as spyware, collecting call logs, text messages, contacts and location data from affected devices. Google said in an Oct. 14 update that it detected the program “quickly” and removed it before any downloads occurred.
The surveillance app marks an update to existing APT35 tactics. The group is best known for reportedly targeting email accounts associated with former President Donald Trump’s election campaign in 2020 and espionage around major geopolitical events, such as negotiations related to the 2015 nuclear deal between the U.S. and Iran.
The threat intelligence firm FireEye in 2018 said the group operates “at the behest of the Iranian government.”
Along with the malicious VPN