Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Iranian authorities use BouldSpy to spy

May 2, 2023
Reading Time: 3 mins read
in Alerts

The Law Enforcement Command of the Islamic Republic of Iran (FARAJA) has been discovered using a new Android spyware called BouldSpy to monitor minority groups and potential traffickers. The spyware was discovered by researchers at the Lookout Threat Lab in March 2020, and has since been tracked by multiple security experts.

Although the BouldSpy spyware supports ransomware capabilities, Lookout researchers have not seen the malware use them, which suggests that it is still under development or is being used as a false flag by its operators.

BouldSpy has been used to spy on over 300 people, including Iranian Kurds, Baluchis, Azeris, and possibly Armenian Christian groups. The malware was likely used to monitor illegal trafficking activity related to arms, drugs, and alcohol. The Lookout report suggests that FARAJA uses physical access to devices, likely obtained during detention, to install BouldSpy and further monitor the target upon release.

The report provides a list of surveillance capabilities supported by the spyware, including account usernames, installed apps, browser history, live call recordings, call logs, photos from device cameras, device information, file lists, clipboard content, keylogs, location information, SMS messages, audio recordings, and screenshots.

The experts believe BouldSpy is a new malware family due to the relatively small number of samples they have obtained. The report also points out the lack of maturity in operational security employed by the operators, such as unencrypted C2 traffic, hardcoded plaintext C2 infrastructure details, and a lack of string obfuscation. The spyware can run arbitrary code, download and run additional payloads, and receive commands via C2 web traffic and SMS messages.

Most of the activities performed by the malware are done in the background by abusing Android accessibility services. The spyware also relies on the CPU wake lock and disables battery management to prevent the OS from closing the process associated with the malware.

Overall, the report by Lookout provides insights into the tactics used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA) to monitor potential threats and minority groups.

The BouldSpy spyware appears to be a new malware family and has not yet reached its full potential. The lack of maturity in operational security employed by the operators suggests that there is a possibility of detection and that the malware is still in development.

The report provides Indicators of Compromise (IoCs) for the BouldSpy spyware, which can help organizations to detect and mitigate the threat.

Reference:
  • Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
Tags: AndroidBouldSpyCyber AlertCyber Alerts 2023FARAJAIranMalwareMay 2023spyware
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial