Iran-Linked Hackers Expand Arsenal With New Android Backdoor
Charming Kitten, an Iran-backed advanced persistent threat group, has allegedly added a new Android backdoor to its repository. The group has also successfully compromised individuals associated with the Iran reformist movement as of late, according to security researchers at IBM. The group has been active since 2011 and frequently targets government organizations, journalists, activists, human rights advocates, and other entities such as the World Health Organization and presidential campaigns. Last year, the group exposed approximately 40GB of videos and other content associated with its operations, assumedly by accident. The data contained training videos on how to exfiltrate data from online accounts and details of the successful compromisation of certain targets.
According to IBM, between August 2020 and May 2021, the group conducted successful attacks against targets associated or aligned with the Iranian reformist movement, however, the group continued to make operational security errors. IBM recently discovered a new backdoor dubbed LittleLooter that appears to be exclusive to Charming Kitten. The backdoor allows the APT to boast extensive information-stealing capabilities such as video and live screen recording, number calling, file upload/download, voice call recording, GPS data gathering, device information harvesting, picture-snapping, SMS retrieval, contact information stealing, and more.