According to a report by Voice of America (VoA), Iran’s protest detainees have been targeted with spyware on their Android devices. The spyware is known as I3mon, a relatively popular Android trojan. The malware is typically used by threat actors to obtain sensitive information like login credentials, banking accounts, and other identity information. I3mon also can be distributed multiple ways, including through infected links, emails, third-party platforms, or Google Play store apps, but it can also be manually installed. In the case of these Iranian protestors, I3mon was activated on a German server. It is unclear currently if this is the work of nation state actors or hacktivists, but nonetheless, it is concerning for Iranian protestors.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in