Kaspersky has warned of a previously undetected espionage campaign targeting the Baha’i, a Persian-speaking religious minority. The campaign uses Android spyware, delivered through a malicious VPN application that claims to provide access to Baha’i religious resources that are banned in Iran. The application contains highly sophisticated spyware, Kaspersky says. The spyware is designed to collect data from all types of devices, including call logs, activity, and contact lists. The malware is called SandStrike.
Kaspersky states that the threat actor behind the malware created Facebook and Instagram accounts with over 1,000 followers to lure victims into downloading the malicious materials. In addition, the accounts contain a link to a Telegram channel that is controlled by the attackers. Kaspersky states that the report of SandStrike spyware comes just weeks after Iran intensified its persecution of the religious minority.