Iranian state-backed hackers spread malware via links to fake VPN apps

A highly resourceful Iranian state-backed hacker group is using malicious links to VPN apps sent via text messages to inject spyware, a cybersecurity company reports.

Mandiant found evidence that APT42 (Advanced Sustained Threat) has been carrying out such attacks since 2015 on what they describe as “the enemies of the Iranian state” with the aim of collecting sensitive data and spying on victims.