Iranian cyber-group Domestic Kitten (or APT-C-50) and Infy (also called Prince of Persia) targeted Iranian dissidents and diplomatic agencies across Europe for over a decade. The latest November operation is no different, which takes advantage of a fake app for Mohsen Restaurant located in Tehran to achieve the same objective by luring victims into installing the app by sharing a link to download the malware called FurBall. Once installed, FurBall grants itself wide permissions to execute the app every time automatically on device startup and proceeds to collect browser history, hardware information.
Source: https://thehackernews.com/2021/02/researchers-reveal-how-iran-spies-on.html