If you use apps like WhatsApp, Telegram, or password managers on your computer, a new warning from the FBI is something you’ll want to pay close attention to. In a FLASH report, the agency warns that a group of hackers working for the Iranian government has been caught using fake versions of these popular programs to spy on people and steal their private data.
Since late 2023, these attackers, reportedly linked to Iran’s Ministry of Intelligence and Security (MOIS), have been going after journalists, activists, and anyone they see as a threat. It’s no mystery that these hackers don’t just want your passwords; they are looking to record your private conversations and leak your personal files to cause as much trouble as possible.
The Disguise
The way they get into your computer is actually quite simple. Instead of using a complicated technical backdoor, they just talk to you. Typically, they pose as technical support or even a friend on social media, and after gaining your trust, they’ll send over a file that looks like a helpful update or a new tool.
These files are named to look exactly like the real thing, such as WhatsApp.exe, Telegram_authenticator.exe, or KeePass.exe, but you are actually installing a spying tool. The FBI notes that some of these programs, like one called MicDriver, are even capable of recording your audio and screen during Zoom calls without you ever noticing a thing. After infiltration, the hackers use a second stage of malware, like Winappx.exe or MsCache.exe, to quietly bundle up your files and send them back to their own servers.
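The file names above can be turned into a simple triage check over process-creation logs. The sketch below is an added example, not code from the FBI alert or from Hackread; the event format, the drop-folder list and the parent-process list are assumptions, and the sample events are constructed.

```python
import ntpath

# File names taken from the article; names alone are weak indicators.
LURE_NAMES = {"whatsapp.exe", "telegram_authenticator.exe", "keepass.exe"}
PAYLOAD_STEMS = {"micdriver", "winappx", "mscache"}
# Assumption: folders where a file received in a chat usually lands.
USER_DROP_DIRS = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
# Assumption: parents suggesting the file was opened from a chat or browser.
DELIVERY_PARENTS = {"telegram.exe", "whatsapp.exe", "chrome.exe",
                    "msedge.exe", "firefox.exe"}

def triage(event):
    """Return the reasons a process-creation event deserves review."""
    image = event["image"].lower()
    name = ntpath.basename(image)          # handles backslash paths on any OS
    stem = ntpath.splitext(name)[0]
    parent = ntpath.basename(event.get("parent", "").lower())
    reasons = []
    if name in LURE_NAMES and any(d in image for d in USER_DROP_DIRS):
        reasons.append("lure-named app run from a user drop folder")
    if name in LURE_NAMES and parent in DELIVERY_PARENTS and parent != name:
        reasons.append("lure-named app launched by " + parent)
    if stem in PAYLOAD_STEMS:
        reasons.append("file name reported for the spying tool or second stage")
    return reasons

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\sam\Downloads\Telegram_authenticator.exe",
     "parent": r"C:\Users\sam\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"image": r"C:\Program Files\KeePass Password Safe 2\KeePass.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\sam\Desktop\KeePass.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\ProgramData\cache\MsCache.exe",
     "parent": r"C:\Users\sam\Desktop\KeePass.exe"},
]

def review(events):
    """Map each flagged image path to its list of reasons."""
    return {e["image"]: triage(e) for e in events if triage(e)}

if __name__ == "__main__":
    for image, reasons in review(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

A hit is a prompt to check the file's signature and origin, since the real apps use the same names when installed normally.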
Connections to Major Company Hacks
This isn’t just a small-scale operation. The FBI has linked this activity to a group known as Handala Hack, which it also ties to another entity called Homeland Justice. This name might sound familiar because, as Hackread.com reported in March 2026, the group claimed a massive attack on a global medical company called Stryker. While the company worked hard to fix the disruption, the hackers claimed they had wiped out over 200,000 systems and stolen a massive amount of data.
“The FBI assesses some of the information Handala Hack claimed to have acquired and posted online was obtained using malware as part of the group’s ongoing campaign to target dissidents. Handala Hack is known for phishing, data theft, extortion, and destructive attacks involving custom wiper malware. Additionally, the FBI assesses Handala Hack is linked to the online entity “Homeland Justice,” also operated by Iran MOIS cyber actors,” the FBI’s alert (PDF) reads.
To keep yourself from falling into this trap, the FBI suggests adopting a few basic habits. First, never download a program that someone sends you in a chat; always go directly to the official website or app store. Second, make sure your Windows updates are turned on, as these include fixes that block hackers from getting in. Finally, turning on multi-factor authentication adds an extra layer of security that makes it much harder for hackers to get into your accounts.
