It's no secret that some governments have spied on their citizens through innocuous-looking apps, but one effort is more extensive than usual. Check Point Research has discovered (via ZDNet) that Rampant Kitten, an Iranian hacker group that has long targeted the Iranian government's political opponents, is rolling out Android malware centered on stealing two-factor authentication codes. It isn't limited to any one service, either: it targets Google, Telegram and other major internet and social services.
The attackers first use a phishing trojan to obtain login details, then try those credentials on the real site. If the victim has two-factor authentication turned on, the newly reported malware intercepts the incoming SMS messages and quietly forwards copies to the intruders.
The code also has tools to seize contacts, text logs and even microphone audio, but it's unusually focused on two-factor data. It has so far been found in an app claiming to help Persian speakers in Sweden get driver's licenses, but it may be available in other apps.
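The capability described above, an app that holds SMS permissions and registers a receiver for the incoming-SMS broadcast, is visible in an APK's manifest before the app ever runs. The following Python script is an added defensive example, not Check Point's tooling or the malware's code: it triages a decoded AndroidManifest.xml for that combination. Both manifests embedded in it are constructed samples, and the package names are placeholders.

```python
"""
Triage a decoded AndroidManifest.xml for the SMS-interception capability
described in the article: an app that both holds SMS permissions and
registers a BroadcastReceiver for incoming-SMS broadcasts.

Added defensive example; the two manifests below are constructed samples.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PRIORITY_ATTR = f"{{{ANDROID_NS}}}priority"

# Permissions that let an app receive or read SMS traffic.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
# Broadcast action delivered to any app holding RECEIVE_SMS when a text arrives.
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a "driver's licence helper" that silently listens for incoming SMS.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.licensehelper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="License Helper">
        <receiver android:name=".SmsListener" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed sample: a benign app with no SMS capability at all.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the SMS-related indicators found in a manifest.

    can_intercept_sms is only set when BOTH an SMS permission and an
    SMS_RECEIVED receiver are present: either one alone is common in
    legitimate apps, the pair is what makes silent code theft possible.
    """
    root = ET.fromstring(manifest_xml)

    # Element tags carry no namespace; only the android:* attributes do.
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")} & SMS_PERMISSIONS

    receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(NAME_ATTR) for a in flt.iter("action")}
            if SMS_RECEIVED_ACTION in actions:
                receivers.append({
                    "name": receiver.get(NAME_ATTR),
                    # A high priority lets the receiver see the text before the
                    # user's messaging app; record it when declared.
                    "priority": flt.get(PRIORITY_ATTR),
                })

    return {
        "sms_permissions": sorted(perms),
        "sms_receivers": receivers,
        "can_intercept_sms": bool(perms) and bool(receivers),
    }


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(manifest))
```

Run it against a manifest decoded with a standard APK tool (the binary manifest inside an APK must be converted to text XML first); a flagged app is a candidate for closer review, not proof of malice, since SMS apps and some 2FA autofill apps legitimately declare the same pair.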
This is an important discovery. While it's no secret that likely state-backed groups can get around two-factor prompts, it's rare to see how those operations actually work. It also stresses the importance of using two-factor systems that avoid SMS, such as hardware security keys. SMS is better than nothing, but it's no longer a deterrent for the most determined intruders, whether they're pro-government spies or everyday criminals.