MuddyWater Leveraging DCHSpy For Israel-Iran Conflict

released on 2025-08-21 @ 04:16:29 PM
Iranian cyber espionage group MuddyWater, affiliated with Iran's Ministry of Intelligence and Security, is utilizing DCHSpy, an Android surveillanceware tool, in the context of the Israel-Iran conflict. DCHSpy collects extensive data from infected devices, including WhatsApp data, accounts, contacts, SMS, files, location, and call logs, and can record audio and take photos. The malware is distributed through malicious VPN apps advertised on Telegram channels. Recent samples show new capabilities, including data exfiltration from specific files and WhatsApp. The targeting may involve StarLink-related lures, exploiting Iran's internet outage. DCHSpy shares infrastructure with SandStrike, another Android malware targeting Baháʼí practitioners.