Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers discovered new Android spyware, DCHSpy, likely linked to the Iranian Ministry of Intelligence and Security. The malware, disguised as VPN apps and Starlink, targets dissidents, activists, and journalists, collecting sensitive data and recording audio and photos. DCHSpy, first detected in July 2024, is suspected to be deployed against adversaries following the Israel-Iran conflict.