CONSPRCY | How big is your tinfoil hat? | 2,445 messages
Message 1,525 of 2,445
Mike Powell to All
Subject: Beware Iran-linked fake
Date: 23 Jul 25 09:17:29

Beware of Iran-linked fake VPN apps found to spy on Android users

Date: Tue, 22 Jul 2025 16:17:07 +0000

Description:
While VPN demand has soared across Iran since June 13, researchers discovered a new Android spyware campaign starting one week after the Israel-Iran conflict began.

FULL STORY

Researchers have discovered a new Iran-linked spyware campaign that mostly targets Android VPN users.

The team at security software provider Lookout found a new version of DCHSpy, an Android spyware that masquerades as legitimate VPN apps or other applications. This includes Starlink, a satellite internet connection service offered by SpaceX.

The malware campaign, according to experts' findings, was deployed by the hacking group MuddyWater only a week after the Israel-Iran conflict began, exactly when VPN demand skyrocketed in Iran as citizens looked for ways to bypass new internet restrictions.

DCHSpy 2025: what are the risks?

A virtual private network (VPN) is security software that encrypts all internet connections while spoofing a user's real IP address location. The latter skill is exactly what's needed to bypass geo-restrictions like those in place in Iran right now.

As experts explain, DCHSpy is an intrusive piece of software that can collect users' sensitive information like WhatsApp data, contacts, SMS, files, location, and call logs, while even recording audio and taking photos.

First detected in July 2024, DCHSpy is maintained by MuddyWater hackers, a group thought to have links with Iran's Ministry of Intelligence and Security.

Experts have now discovered four new samples of DCHSpy.

"These new samples show that MuddyWater has continued to develop the surveillanceware with new capabilities, this time exhibiting the ability to identify and exfiltrate data from files of interest on the device as well as WhatsApp data," explains Lookout.

Specifically, hackers appear to be using two malicious VPN services, called EarthVPN and ComodoVPN, as a way to spread the malware.

HideVPN was another fake VPN app previously used to deploy DCHSpy.

According to Iranian Information Security Analyst, Azam Jangrevi, the latest findings are a stark reminder of how sophisticated and targeted mobile surveillance has become.

"What's especially concerning is its use of trusted platforms like Telegram to distribute malicious APKs, often under the guise of tools meant to protect privacy," Jangrevi told TechRadar.

The risk for Iranians is especially high, considering that, as mentioned earlier, citizens have been increasingly turning to the best VPN apps as the internet becomes increasingly restricted.

How to stay safe

Jangrevi recommends anyone looking to download a new VPN service, or any other application for that matter, to be vigilant.

"Avoid downloading apps from unofficial sources, even if they appear to offer enhanced privacy. Stick to verified app stores, scrutinize app permissions, and use mobile security solutions that can detect threats like DCHSpy," said Jangrevi.

If you're in a high-risk region or profession such as journalism or activism, Jangrevi also suggests using hardware-based security keys and encrypted messaging apps vetted by independent researchers.

She said: "This incident underscores the need for greater awareness around mobile threat vectors and the importance of digital hygiene in an increasingly hostile cyber landscape."

======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/beware-iran-linked-fake-vpn-apps-found-to-spy-on-android-users

--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
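
The advice above to scrutinize app permissions can be partly automated. The following is an added example, not part of the original message or of Lookout's report: it reads a decoded AndroidManifest.xml (for instance as produced by apktool) and flags requested permissions that match the data types the article says DCHSpy collects. The capability-to-permission mapping, the VPN baseline and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping from capabilities named in the article to standard Android
# permissions. It is not DCHSpy's real manifest, which the article does not give.
SENSITIVE = {
    "contacts": {"READ_CONTACTS"},
    "SMS": {"READ_SMS", "RECEIVE_SMS"},
    "call logs": {"READ_CALL_LOG"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "audio recording": {"RECORD_AUDIO"},
    "photos": {"CAMERA"},
    "files": {"READ_EXTERNAL_STORAGE", "MANAGE_EXTERNAL_STORAGE"},
}
# Assumed baseline of what a VPN client plausibly needs.
VPN_BASELINE = {"INTERNET", "ACCESS_NETWORK_STATE", "FOREGROUND_SERVICE",
                "POST_NOTIFICATIONS", "RECEIVE_BOOT_COMPLETED"}

def requested_permissions(manifest_xml):
    """Return android.permission.* names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names

def audit_vpn_manifest(manifest_xml):
    """Flag sensitive permissions and list others outside the VPN baseline."""
    perms = requested_permissions(manifest_xml)
    flagged = {cap: sorted(perms & want)
               for cap, want in SENSITIVE.items() if perms & want}
    known = VPN_BASELINE.union(*SENSITIVE.values())
    return {"flagged": flagged, "unexplained": sorted(perms - known)}

# Constructed sample: a manifest claiming to be a VPN client.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vpnclient">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
</manifest>"""

if __name__ == "__main__":
    print(audit_vpn_manifest(SAMPLE))
```

A flagged permission is a reason to look closer, not proof of spyware; an app can also request access at runtime or reach data through other services, so an empty result does not clear an APK obtained from an unofficial source.
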