A spyware app designed to monitor Kurdish targets attracted more than 1,400 downloads

The identity of the spies remains unclear, though the hacking tool is capable of collecting vast amounts of data.
A member of the Syrian Kurdish internal security services known as "Asayish" stands guard as women attend a protest in Syria's northeastern city of Hasakah on July 6, 2021. (DELIL SOULEIMAN/AFP via Getty Images)

More than 1,400 people have downloaded a spyware app that, while appearing to deliver news, enables hackers to collect sensitive data about the Kurds, an ethnic community living throughout Iran, Iraq and northern Syria.

The espionage campaign involves duping Android smartphone owners into downloading a program that spies use to record phone calls, extract files, take screenshots and gather other information from unwitting victims, according to details published Tuesday by the security vendor ESET.

The endeavor marks the latest attempt to undercut the Kurds, an indigenous people embedded in conflicts of the Middle East over the past generation. Kurdish fighters have been active in the fight against the Islamic State group dating back to 2014, aligning with U.S forces while also struggling against the Turkish government.

Suspected Iranian hackers also used mobile spyware to monitor Kurdish targets, the security firm Check Point reported in February.


The effort that ESET discovered has been active since March 2020, including numerous incidents in which Facebook profiles promoted malicious links, encouraging Kurd supporters to download the apps. Researchers identified six Facebook profiles that vocally promoted the URLs on the social media site, all of which have been removed.

In some cases the profiles shared the espionage with larger Facebook groups, including one page with more than 11,000 followers that was dedicated to supporting the former president of the Kurdistan region.

Investigators pinned the hacking activity on a group called BladeHawk, initially named by the QiAnXin Threat Intelligence Center, a unit of a China-based technology company.

QiAnXin researchers also published details in December 2020 describing a series of “continuous attacks” that it said were aimed at some Turkish groups, Kurdish targets and suspected members of terrorist groups. QiAnXin said the BladeHawk group originated in “a certain country in the Middle East,” though few other details were available.

Third-party websites, rather than the Google Play store or iOS market, hosted the programs, which attracted 1,481 downloads at the time of publication.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts