The Iranian military has developed several apps that contain sophisticated spying tools and are available on the App Store, Google Play Store and GitHub, allege critics of the country’s Islamic regime.
The Iranian military is developing and using advanced spying tools to carry out active surveillance on critics as well as foreign nations that are not on friendly terms with the Islamic regime.
In a report accessed by Daily Star Online, the National Council of Resistance of Iran, which carries out regular protests and rallies against the government, has detailed how the elite Iranian Revolutionary Guard is injecting advanced spying tools into apps and carrying out surveillance on millions of Iranians and people in Western countries.
Several apps developed by the Iranian military have found their way into official stores like iTunes, Google, and GitHub and are now being used to monitor the digital activities not only of Iranian citizens but also of people in the West. These include several apps for the domestic app store Cafe Bazaar, Mobogram, and variations of Telegram.
“The dissemination of these apps outside of Iran will enable the IRGC to spy globally and at will. Some of these apps are also available on App Store, GitHub and Google Play despite reports and user reviews warning they contain spyware embedded by the Iranian regime’s app developers. The spread of these apps outside Iran will put Internet users across the world at significant risk, increasing the rate of malware infections,” the report said.
“It is highly suspicious why the Iranian regime, which is hell-bent on controlling the Internet inside Iran, would make these apps available to other mobile users around the world through App Store, Google Play, and GitHub. While many of them have negative reviews and complaints about the apps being infected, they continue to be available for download on popular app stores,” it added.
This isn’t the first time that Iranian hackers or state-sponsored groups have attempted to victimise officials in hostile nations by carrying out phishing attacks or by using advanced spying tools.
Back in July 2016, an Iranian hacker group known as OilRig managed to win the confidence of a Deloitte employee by using fake social media profiles of an attractive woman to interact with him.
The hackers used pictures of a Romanian photographer to create a fake Facebook profile under the fictitious name ‘Mia Ash’. Using the fictitious profile, they contacted a Deloitte employee who was, in fact, looking after cyber security for Deloitte and was engaged in advising the firm’s clients about their digital defences.
Having engaged the employee in personal conversations for months, the hacker group finally succeeded in getting him to download to his PC an attachment they had included in a phishing email. Before sending the email, they had succeeded in making him believe that Mia Ash was trying to set up a website for her business and wanted his help.
The malicious attachment, in fact, hid malware named PupyRat, which could steal credentials from corporate accounts. Even though the affected employee downloaded the malware to his work computer, Deloitte was saved from further damage as the malware did not infect the firm’s corporate network.
“We assess that Iran will continue working to penetrate US and Allied networks for espionage and to position itself for potential future cyber attacks, although its intelligence services primarily focus on Middle Eastern adversaries—especially Saudi Arabia and Israel,” said Daniel R Coats, director of U.S. National Intelligence.
“Tehran probably views cyberattacks as a versatile tool to respond to perceived provocations, despite Iran’s recent restraint from conducting cyber attacks on the United States or Western allies,” he added.