The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Static Kitten Observed Using DCHSpy Android Malware

Aug 1, 2025 1:17:27 PM / by The Hivemind posted in Threat Bulletin, Static Kitten, Spyware, Data Exfiltration, Mobile Security, DCHSpy, Android surveillanceware, Starlink spoofing, Iranian malware, Middle East cyber threats, VPN phishing

0 Comments

Verticals Targeted: None specified
Regions Targeted: Iran, Middle East
Related Families: None specified

Executive Summary

DCHSpy is an Android surveillanceware linked to Iran’s Static Kitten group, targeting Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict. This malware, active since October 2023, exploits social engineering to access WhatsApp, location data, and personal files.

Read More

MuddyWater Using New Backdoor to Target Middle East

Jul 22, 2024 1:09:20 PM / by The Hivemind posted in Threat Bulletin, Middle East, Static Kitten, MuddyWater, MuddyRot, BugSleep

0 Comments

Related Families: MuddyRot aka BugSleep
Verticals Targeted: Transportation, Government, Media, Travel

Executive Summary

Iran nexus threat actor group MuddyWater was recently observed using a new backdoor to target entities in the Middle East. Dubbed MuddyRot by Sekoia and BugSleep by Check Point Research, the backdoor appears to indicate a shift in MuddyWater’s TTPs.

Read More

Iranian Threat Actors Target Hybrid Environment

Apr 21, 2023 2:39:06 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Iran, Muddy Water, Static Kitten, DEV-1084, Mercury

0 Comments



Executive Summary

Iranian threat actors were observed targeting a hybrid environment using ransomware as a decoy for destructive attacks.

Key Takeaways

Read More

Muddy Water Uses SloughRAT in Recent Campaigns

Mar 17, 2022 1:21:56 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, Iran, Muddy Water, Static Kitten, SloughRAT, Canopy

0 Comments



Background

Iranian threat actor group Muddy Water has been very active in the last few months. In February, CISA issued an
alert warning that the group was conducting a campaign targeting global government and commercial networks. Earlier this month, Cisco’s Talos Intelligence published a blog post on Muddy Water activity targeting Turkey and other countries.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts