Chafer: A new variant of the Remexi malware has been found in the wild targeting foreign diplomats and personnel inside Iran. The Remexi malware was originally discovered in 2015 after being created by the Iranian group Chafer to target and monitor various figures throughout the Middle East. This latest variant of Remexi has been found to have the ability to remotely execute code, take screenshots, retrieve browser data, harvest credentials, login data and history, as well as log all key strokes.
Analyst Notes
With sanctions against Iran growing, it is not overly surprising that Iran would want to compromise the networks of every foreign national left within Iran–likely in the hopes of stealing as much confidential data as possible while also being able to potentially have early warnings of anyone looking to pull out of Iran.
