
PINEFLOWER Mobile Malware

PINEFLOWER is a malware strain used in mobile spyware attacks. The threats of the PINEFLOWER family possess a wide range of intrusive capabilities that could be customized to fit the specific goals of threat actors. Details about the threat were released in a report by cybersecurity researchers.

The researchers linked the tools to an APT (Advanced Persistent Threat) group tracked as APT42, which is believed to have ties to the Iranian government. The same group is also tracked as Charming Kitten, APT35, ITG18, Yellow Garuda, Phosphorus and TA453. The earliest PINEFLOWER versions are believed to have been used as far back as 2015. The main targets of the mobile spyware are individuals and organizations of interest located in Iran.

The cybercriminals may have been able to record phone calls, make room audio recordings, and collect images and even the entire SMS inboxes of the breached devices. PINEFLOWER could also be programmed to establish backdoor access to the victim's device, track its GPS location, exfiltrate selected files or fetch additional files to the device, enable or disable Bluetooth and Wi-Fi, manipulate the data settings and more. The Command-and-Control (C2, C&C) server used in the attack campaigns was designed to impersonate an online flower shop.

