A piece of Android spyware, used by the Iranian government to monitor minority groups in the country andsurveil arms, alcohol, and drugs trafficking, has been analyzed by the mobile security firm Lookout.

Named BouldSpy, the android spyware is most likely installed by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA) by using physical access to the devices, perhaps obtained during detention.

The spyware has supposedly been in use since at least 2020, with more than 300 victims identified. These victims include Iranian Kurds, Azeris, Baluchis, and possibly Armenian Christian groups. 

The command-and-control panel of the malware allows the operator to manage the divides and build custom applications that impersonate Android system services. 

The malware connects account usernames, list of installed apps, browsing history, call logs, SMS messages, and more. 

BouldSpy conducts malicious activities in the background, abusing Android accessibility services. It also disables battery management.

Read more at: https://www.securityweek.com/bouldspy-android-malware-used-in-iranian-government-surveillance-operations/