EyeSpy – Iranian Spyware Delivered in VPN Installers

Category	Details
Threat Actors	Cybercriminals using Trojanized VPN installers to deliver the SecondEye spyware, developed in Iran.
Campaign Overview	A malware campaign distributing SecondEye spyware via trojanized installers of the 20Speed VPN, developed in Iran. The campaign targets users of the VPN, primarily in Iran, with some victims in Germany and the US.
Target Regions (Victims)	Mainly Iran, with smaller victim pools in Germany and the US.
Methodology	– Trojanized VPN installers used to deliver SecondEye spyware. – Spyware includes keylogging and stealing sensitive data like passwords, images, and crypto-wallets. – Delivered via malicious .bat and .exe files.
Product Targeted	20Speed VPN (Iranian-based VPN service).
Malware Reference	SecondEye spyware, also referred to as EyeSpy in the context of the attack.
Tools Used	Trojanized VPN installer, SecondEye spyware components (keylogging, stealing documents, passwords, and crypto-wallets).
Vulnerabilities Exploited	Use of legitimate software (VPN) to distribute malicious payloads.
TTPs	– Use of trojanized legitimate software installers (VPN). – Data theft via keylogging and stealing sensitive information.
Attribution	The malware is associated with Iranian-developed spyware, distributed via Iranian VPN software.
Recommendations	– Be cautious when downloading VPN software, especially from unknown or untrusted sources. – Use reputable security software to detect and prevent keyloggers and spyware.
Source	Bitdefender

Read full article : https://www.bitdefender.com/en-us/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers

Disclaimer: The above summary has been generated by an AI language model