The malware could steal 2FA SMS codes for Google accounts. Also contained vague functionality to do the same for Telegram and various social networks.
Security firm Check Point said it uncovered an Iranian hacking group that has developed special Android malware capable of intercepting and stealing two-factor authentication (2FA) codes sent via SMS.
The malware was part of an arsenal of hacking tools developed by a hacker group the company has nicknamed Rampant Kitten.
Check Point says the group has been active for at least six years and has been engaged in an ongoing surveillance operation against Iranian minorities, anti-regime organizations, and resistance movements such as:
- Association of Families of Camp Ashraf and Liberty Residents (AFALR)
- Azerbaijan National Resistance Organization
- the Balochistan people
These campaigns involved the use of a wide spectrum of malware families, including four variants of Windows infostealers and an Android backdoor disguised inside malicious apps.
The Windows malware strains were primarily used to steal the victim’s personal documents, but also files from Telegram’s Windows desktop client, files that would have allowed the hackers to access the victim’s Telegram account.
In addition, the Windows malware HackerGgroupstrains also stole files from the KeePass password manager, consistent with functionality descript in a joint CISA and FBI alert about Iranian hackers and their malware, issued earlier this week.
- Chrome Brings QR Code Sharing on Android & Desktop
- Xiaomi Officially Launches Mi TV Stick with up to 1080p Resolution
- Google tells employees to take Friday off as a ‘collective wellbeing’ holiday during a pandemic
- Android 11 to Integrate Password Autofill with Keyboards
- Facebook Criticizes Apple’s Policies; Launches Facebook Gaming Without Games on iOS