Iran Spyware Poses as VPN to Target Dissidents

Cybersecurity researchers have identified a new strain of Android spyware linked to Iran’s Ministry of Intelligence and Security. The malicious tool, which poses as VPN services and Starlink internet apps, has targeted users with the intent to monitor dissidents. Iran spyware poses as VPN platforms to lure victims into downloading applications that secretly collect sensitive data.

Mobile security firm Lookout uncovered four separate samples of the malware, now tracked under the name DCHSpy. Analysts say the spyware uses deceptive branding and familiar services to gain users’ trust and compromise their devices. Once installed, the apps enable unauthorized surveillance and data exfiltration.

Researchers noted that Iran spyware poses as VPN and satellite internet tools to exploit political targets. The campaign highlights the growing use of mobile surveillance tools by state-linked actors. Security professionals recommend users verify app sources and avoid third-party installations.

Read the full report here:
https://thehackernews.com/2025/07/iran-linked-dchspy-android-malware.html