Iranian hackers' Android malware spies on dissidents by stealing 2FA codes

It also grabbed contacts, messages and voice conversations.
Jon Fingas, @jonfingas
September 20, 2020

It’s no secret that some countries have spied on their citizens through innocuous-looking apps, but one effort is more extensive than usual. Check Point Research has discovered (via ZDNet) that Rampant Kitten, an Iranian hacker group that has targeted the country’s political opponents for years, has developed Android malware focused on stealing two-factor authentication codes. It isn’t just focused on any one service, either — it targets Google, Telegram, and other major internet or social services.

The attackers first use a phishing trojan to collect login details, and then try those with the real site. If the victim has two-factor authentication turned on, the newly-reported malware intercepts the incoming SMS messages and quietly sends copies to the intruders.

The code also has tools to grab contacts, text message logs and even microphone audio, but it’s unusually centered around two-factor data. It has so far been found in an app pretending to help Persian speakers in Sweden get driver’s licenses, but it might be available in other apps.

This is an important discovery. Although it’s no secret that likely state-backed groups can get around two-factor requests, it’s difficult to see how those systems work. It also stresses the importance of using two-factor authentication systems that avoid SMS, such as hardware security keys. SMS is better than nothing, but it’s no longer a deterrent for the most determined intruders, whether they’re pro-government spies or everyday criminals.
