A new Android surveillance tool discovered by mobile security experts at Zimperium has been attributed to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).
Dubbed BouldSpy, the mobile malware has been used by threat actors to target minority groups and potentially those involved in illegal trafficking activities, according to an advisory released by the company on Wednesday.
“BouldSpy has extensive surveillance capabilities, including recording calls, capturing photos, and monitoring account usernames across multiple platforms,” explained Zimperium security researcher Nicolás Chiaraviglio.
BouldSpy keeps itself alive by disabling battery management and acquiring CPU locks, and it leverages Android Accessibility Services to perform most of its monitoring actions.
“By abusing CPU locks and disabling battery management features, the spyware prevents the device from shutting down its activities, causing faster battery drain for victims,” Chiaraviglio explained.
“Once installed, BouldSpy establishes a network connection to its command and control server (C2) and exfiltrates cached data from the victim’s device. A background service handles most of the functionality of monitoring and restarts when the user or the Android system stops its main activity.”
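The keep-alive and monitoring behaviour described above (CPU locks, battery-management bypass, an Accessibility Service, call recording, a service that survives restarts) maps onto permissions that a decoded AndroidManifest.xml must declare. The following is an added example, not Zimperium's code or tooling: it scores a manifest for that permission combination as a triage heuristic; the sample manifest is constructed and the weights and threshold are assumptions, not published indicators.

```python
# Manifest triage heuristic for the capability profile described in the
# advisory. Weights/threshold are assumed for illustration, not published.
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Manifest evidence for each behaviour the advisory describes.
INDICATORS = {
    "android.permission.WAKE_LOCK": ("cpu_lock", 1),
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": ("battery_mgmt_bypass", 2),
    "android.permission.BIND_ACCESSIBILITY_SERVICE": ("accessibility_abuse", 3),
    "android.permission.RECORD_AUDIO": ("call_recording", 1),
    "android.permission.READ_CALL_LOG": ("call_recording", 1),
    "android.permission.CAMERA": ("photo_capture", 1),
    "android.permission.GET_ACCOUNTS": ("account_enumeration", 1),
    "android.permission.RECEIVE_BOOT_COMPLETED": ("persistence", 1),
}

def manifest_capabilities(manifest_xml: str) -> dict:
    root = ET.fromstring(manifest_xml)
    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE,
    # not a uses-permission entry, so collect service-level permissions as well.
    declared |= {s.get(ANDROID + "permission") for s in root.iter("service")}
    caps = {}
    for perm, (cap, weight) in INDICATORS.items():
        if perm in declared:
            caps[cap] = caps.get(cap, 0) + weight
    return caps

def triage(manifest_xml: str) -> tuple:
    """Return (score, verdict, sorted capability tags) for one decoded manifest."""
    caps = manifest_capabilities(manifest_xml)
    score = sum(caps.values())
    # Accessibility abuse plus battery-management bypass is the keep-alive pattern
    # the advisory describes; require both rather than relying on score alone.
    persistent_spy = {"accessibility_abuse", "battery_mgmt_bypass"} <= set(caps)
    verdict = "spyware-like" if persistent_spy and score >= 6 else "benign/unknown"
    return score, verdict, sorted(caps)

# Constructed manifest mirroring the advisory's description; not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application><service android:name=".Monitor"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
```

Run `triage(SAMPLE_MANIFEST)` on a manifest decoded with apktool or similar; a legitimate accessibility app will trip the accessibility tag, so treat the verdict as a prioritisation signal for analysis, not a conviction.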
Zimperium has warned that BouldSpy is very risky for both individuals and the general public due to its advanced surveillance capabilities.
“Selective surveillance of minority groups in Iran may lead to further discrimination and suppression, amplifying existing social and political tensions,” Chiaraviglio wrote.
At the time of writing, Zimperium has observed a limited number of BouldSpy samples, all of which are distributed outside of the Google Play Store via third-party services.
“Spyware has not been distributed through Google Play, which makes it more difficult for users to identify and avoid. Also, this shows the danger of loading apps from unknown third-party sources,” Chiaraviglio said.
Zimperium’s warning comes weeks after the threat actor known as Mint Sandstorm was observed weaponizing N-day vulnerabilities to target US critical infrastructure.
The media has been abuzz with reports of an Iranian government-linked Android spyware, known as “BouldSpy”, found on numerous Android phones. This malicious and potentially intrusive piece of software is believed to have been used to monitor targets, such as Iranian dissidents and democratic activists, for activities that go against the Iranian government.
The widespread use of the BouldSpy malware highlights the important role that smart technology plays in today’s society. As an increasingly large proportion of our population relies on smartphones and other digital devices, the need for security and privacy is paramount.
At Ikaroa, we are especially concerned over the proliferation of malicious spyware and the implications it can have on the security and privacy of our users. We are dedicated to providing products and services that ensure the highest level of cybersecurity and user privacy.
In light of this, we recently launched our range of privacy solutions to protect our users’ digital devices against malicious spyware such as BouldSpy. Our security solutions are designed to detect and block malicious threats, such as this Iranian-linked spyware, as well as provide users with the tools and guidance necessary to respond appropriately when a threat is identified.
In addition, we have taken a proactive approach towards fostering a culture of trust, transparency and responsibility in the tech industry by promoting security best practices such as data minimization and encryption. We believe that these measures can help ensure that our users are protected from malicious threats and can enjoy the benefits of technology with the confidence that their data is secure.
At Ikaroa, we are committed to protecting the privacy of our users and ensuring that they are never subjected to intrusive surveillance or predatory practices. We are dedicated to promoting a safer Internet and digital world, and will continue to work toward this goal.