An Android-based spyware program is using the Starlink name to trick Iran-based web users into installing it, according to researchers at cybersecurity vendor Lookout. The company has linked the spyware program, dubbed DCHSpy, to the Iranian state-sponsored group MuddyWater, a unit that allegedly works in Iran's Ministry of Intelligence and Security. The spyware can steal data such as call logs, location data, and SMS messages, take photos and record audio. Although the spyware was flagged last year, Lookout spotted new versions of DCHSpy posing as VPN apps. Following Israeli and US bombing campaigns on Iran, the country restricted access to the internet to thwart Israeli cyberattacks and quash dissent. VPN usage then surged. The four recovered spyware samples used the names “Earth VPN” and “Comodo VPN” to phish users looking for access to uncensored internet. While examining the spyware samples, Lookout also uncovered the use of the Starlink name. Since 2022, SpaceX has enabled St...