DHCSpy (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

apk.dhcspy (Back to overview)

DHCSpy

Actor(s): MuddyWater

According to Lookout, DCHSpy is an Android surveillanceware tool leveraged by Iranian cyber espionage group MuddyWater. DCHSpy collects WhatsApp data, accounts, contacts, SMS, files, location, and call logs, and can record audio and take photos.

References

2025-09-29 ⋅ Shindan ⋅ Paul Viard
DHCSpy - Discovering the Iranian APT MuddyWater
DHCSpy

2025-07-21 ⋅ Lookout ⋅ Alemdar Islamoglu, Justin Albrecht
Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
DHCSpy

There is no Yara-Signature yet.

DHCSpy Propose Change

References

DHCSpy