Domestic Kitten is the name given to a spyware campaign which Check Point believes originates from within Iran and has primarily targeted Iranian citizens. The campaign operates by attempting to entice victims into downloading mobile apps which are spyware. The apps Check Point analyzed were an ISIS-themed wallpaper changer, an app which provides updates from the ANF Kurdistan news agency, and a fake version of a messaging app named Vidogram.
All the apps use the same certificate, which has the email address [email protected]yahoo.com associated with it. Once installed, the spyware is capable of gathering significant information from the victim device, which it then transfers to its C&C servers via HTTP POST requests.
Check Point reports that it believes there may be around 240 victims of this campaign, with some 97% of the victims being Iranian citizens. The remaining victims are located in Iraq, Afghanistan and the UK.
Victims are lured into downloading applications which are believed to be of interest to them. The applications researchers discovered included an ISIS-branded wallpaper changer, “updates” from the ANF Kurdistan news agency and a fake version of the messaging app, Vidogram.
Indicators of Compromise