DCHSpy (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

apk.dchspy (Back to overview)

DCHSpy

Actor(s): MuddyWater

According to Lookout, DCHSpy is an Android surveillanceware tool leveraged by Iranian cyber espionage group MuddyWater. DCHSpy collects WhatsApp data, accounts, contacts, SMS, files, location, and call logs, and can record audio and take photos.

References

2025-09-29 ⋅ Shindan ⋅ Paul Viard
DHCSpy - Discovering the Iranian APT MuddyWater
DCHSpy

2025-07-21 ⋅ Lookout ⋅ Alemdar Islamoglu, Justin Albrecht
Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
DCHSpy

There is no Yara-Signature yet.

DCHSpy Propose Change

References

DCHSpy