A malicious Android file is reportedly being sent directly to Iranian journalists, human rights activists, and members of civil society through Telegram messages. The malware is disguised as a tool connected to free internet access, Starlink, VPNs, or anti-censorship services.
To make the file appear trustworthy, those distributing it often use the recipient’s personal name or claim they are sharing the tool through a trusted mutual contact.
Technical analysis shows that the file contains malware capable of accessing SMS messages, contacts, device information, and background activity on the phone. There are also concerns about possible account theft and surveillance of private communications.
If you receive such a file, do not install unknown Android applications under any circumstances, avoid clicking on suspicious links, and do not forward the file to others.
If you have already installed the application, disconnect your device from the internet immediately and avoid logging into any sensitive accounts.