Iranian Hacker Group Developed Android Malware to Steal 2FA SMS Codes

The malware could steal 2FA SMS codes for Google accounts. It also contained loosely defined functionality to do the same for Telegram and various social networks.


Security firm Check Point said it uncovered an Iranian hacking group that has developed special Android malware capable of intercepting and stealing two-factor authentication (2FA) codes sent via SMS.

The malware was part of an arsenal of hacking tools developed by a hacker group the company has nicknamed Rampant Kitten.


Check Point says the group has been active for at least six years and has been engaged in an ongoing surveillance operation against Iranian minorities, anti-regime organizations, and resistance movements such as:

  • Association of Families of Camp Ashraf and Liberty Residents (AFALR)
  • Azerbaijan National Resistance Organization
  • the Balochistan people

These campaigns involved the use of a wide spectrum of malware families, including four variants of Windows infostealers and an Android backdoor disguised inside malicious apps.

The Windows malware strains were primarily used to steal the victim's personal documents, but they also took files from Telegram's Windows desktop client, files that would have allowed the hackers to access the victim's Telegram account.

In addition, the Windows malware strains also stole files from the KeePass password manager, consistent with functionality described in a joint CISA and FBI alert about Iranian hackers and their malware, issued earlier this week.
