The analysis comes from Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.
One of Recorded Future’s specialties is monitoring hacking forums, looking for clues and chatter that might indicate future attacks.
Over the last six months, there appears to have been high interest on Iranian hacking forums in remote access tools, or programs designed to listen to calls and collect text message and GPS data, according to a blog post.
The most-discussed tools were AndroRAT and DroidJack. AndroRAT is free and has been around for close to four years, while DroidJack appeared last year.
“With a low level of technical skill needed, open availability and strong community support on hacker forums, DroidJack and AndroRAT are likely to remain popular choices for threat actors seeking to take advantage of Middle Eastern mobile systems,” Recorded Future wrote.
The fact that Iranian hackers are embracing them now shows that threat actors are adapting to go after platforms that are popular in their own countries or regions, the company wrote. The tools to do so may be easy to get.
DroidJack has its own website. It costs US$210, and its developers aren’t cagey about the app’s mission: “DroidJack gives you the power to establish control over your beloveds’ Android devices with an easy-to-use GUI and all the features you need to monitor them.”