Israeli security company Check Point says it has evidence proving state actors in Iran are using smartphone malware to monitor individuals they consider national security threats.
The company said most of the approximately 240 people who have been targeted by the operation are Iranian nationals, though a handful of citizens of the UK, Afghanistan, and Iraq have also had their mobile phones monitored. The individuals had all either demonstrated support for ISIS or were of Kurdish or Turkish origin, minorities that have an adversarial relationship with the Iranian regime.
According to Check Point, the spyware was able to collect contact lists, call records, text and multimedia messages, photos, and geographical locations, and even to record nearby conversations.
Government hackers were able to infiltrate the devices through fake apps the users downloaded on their mobile phones, including an ISIS-themed wallpaper-changing app, an app masquerading as a source of official updates from the Firat News Agency (ANF), a Kurdish news agency, and a fake version of the Vidogram messaging app.
"This is the first time to our knowledge that a technical analysis technique has highlighted the fact a government has led a cyber-espionage campaign on smartphones," the firm's vice-president for Europe, Thierry Karsenti, told AFP.
Meanwhile, another Israeli cyber security firm, ClearSky, has reported Tehran has expanded its disinformation franchise with a handful of fake news websites targeting citizens of foreign countries, especially Israel.
The company identified three websites, two in Hebrew and one in Arabic, which it says the Iranian regime is using to manipulate Israeli citizens and promote its own agenda.
One of the websites, the “Tel Aviv Times,” launched in 2013, copies reports from mainstream Israeli media and publishes them after making "crucial changes" to them so that they serve the Iranian agenda.
The Iranian disinformation network also includes 14 fake Facebook and 11 fake Twitter accounts with thousands of followers, ClearSky said.
The U.S. cybersecurity firm FireEye recently announced that Iran has been using a network of fake news websites and fraudulent social media personas spread across Facebook, Instagram, Twitter, Google Plus, and YouTube to push narratives in line with Tehran’s interests. The campaign was aimed at users in the United States, the UK, Latin America, and the Middle East, FireEye said.
With assistance from FireEye, Facebook, Twitter, YouTube, and Instagram have shut down hundreds of accounts with ties to the Iranian regime. Google removed 39 channels on YouTube, as well as 13 accounts on Google Plus and six accounts on its blogging platform, blogger.com.
“We’ve invested in robust systems to detect phishing and hacking attempts, identify influence operations launched by foreign governments, and protect political campaigns from digital attacks through our Protect Your Election program,” wrote Kent Walker, a senior Google manager, in an August 23 blog post announcing his company’s move.