Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Iranian authorities use BouldSpy to spy

May 2, 2023
Reading Time: 3 mins read
in Alerts

The Law Enforcement Command of the Islamic Republic of Iran (FARAJA) has been discovered using a new Android spyware called BouldSpy to monitor minority groups and potential traffickers. The spyware was discovered by researchers at the Lookout Threat Lab in March 2020, and has since been tracked by multiple security experts.

Although the BouldSpy spyware supports ransomware capabilities, Lookout researchers have not seen the malware use them, which suggests that it is still under development or is being used as a false flag by its operators.

BouldSpy has been used to spy on over 300 people, including Iranian Kurds, Baluchis, Azeris, and possibly Armenian Christian groups. The malware was likely used to monitor illegal trafficking activity related to arms, drugs, and alcohol. The Lookout report suggests that FARAJA uses physical access to devices, likely obtained during detention, to install BouldSpy and further monitor the target upon release.

The report provides a list of surveillance capabilities supported by the spyware, including account usernames, installed apps, browser history, live call recordings, call logs, photos from device cameras, device information, file lists, clipboard content, keylogs, location information, SMS messages, audio recordings, and screenshots.

The experts believe BouldSpy is a new malware family due to the relatively small number of samples they have obtained. The report also points out the lack of maturity in operational security employed by the operators, such as unencrypted C2 traffic, hardcoded plaintext C2 infrastructure details, and a lack of string obfuscation. The spyware can run arbitrary code, download and run additional payloads, and receive commands via C2 web traffic and SMS messages.

Most of the activities performed by the malware are done in the background by abusing Android accessibility services. The spyware also relies on the CPU wake lock and disables battery management to prevent the OS from closing the process associated with the malware.

Overall, the report by Lookout provides insights into the tactics used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA) to monitor potential threats and minority groups.

The BouldSpy spyware appears to be a new malware family and has not yet reached its full potential. The lack of maturity in operational security employed by the operators suggests that there is a possibility of detection and that the malware is still in development.

The report provides Indicators of Compromise (IoCs) for the BouldSpy spyware, which can help organizations to detect and mitigate the threat.

Reference:
  • Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
Tags: AndroidBouldSpyCyber AlertCyber Alerts 2023FARAJAIranMalwareMay 2023spyware
ADVERTISEMENT

Related Posts

Open VSX Flaw Allowed Extension Hijacks

Open VSX Flaw Allowed Extension Hijacks

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

nOAuth Flaw Allows Easy Account Takeover

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

Unpatchable Flaw In Hundreds Of Printers

June 27, 2025
New Malware Uses Prompts To Trick AI Tools

Fake Job Offers Hide North Korean Malware

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Malware Uses Prompts To Trick AI Tools

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

June 26, 2025

Latest Alerts

nOAuth Flaw Allows Easy Account Takeover

Unpatchable Flaw In Hundreds Of Printers

Open VSX Flaw Allowed Extension Hijacks

Fake Job Offers Hide North Korean Malware

New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

Subscribe to our newsletter

    Latest Incidents

    Hawaiian Airlines Hit By Cyberattack

    Qilin Ransomware Gang Hacks Estes Freight

    Generali Customer Data Exposed In Hack

    Resupply DeFi Protocol Hacked For $9.6M

    Cyberattack Hits South Tyrol Emergency Ops

    UK’s Glasgow City Council Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial