28.9.2020 | Iranians' Telegram messages targeted in a surveillance campaign
Researchers said they have uncovered an ongoing surveillance campaign that has been stealing a wide array of data from Iranian expatriates and dissidents through Windows and Android devices.
The campaign, which the security firm Check Point named Rampant Kitten, consists of two main components, one for Windows and the other for Android. Rampant Kitten’s objective is to steal Telegram messages, passwords, and two-factor authentication codes sent by SMS, and to take screenshots and record audio with an infected phone, the researchers said last Friday.
The Windows infostealer is installed through a Microsoft Office document whose name roughly translates to “The Regime Fears the Spread of the Revolutionary Cannons.docx”. Once opened, it asks the reader to enable macros. If the user does so, a malicious macro downloads and installs the malware. The Android infostealer is installed through an app that disguises itself as a service to help Persian-language speakers in Sweden get their driver’s license.