    Iranian Hacker Group Developed Android Malware to Steal 2FA Codes

    By Tapiwa Matthew Mutisi on September 21, 2020 Android, Cybercrime, Information Technology, Security

Security firm Check Point has exposed an Iranian hacking group that developed malware capable of stealing two-factor authentication (2FA) codes from Android devices.

The group, which is reportedly involved in surveillance operations against Iranian minorities and resistance movements, uses several malware families across Windows and Android.

The Windows malware tries to steal documents and passwords from targets' computers, as well as files from Telegram's Windows desktop client. Check Point has also discovered the group's Android tooling, including a two-factor authentication code stealer.

    What the tool does

Check Point explains that the group built an Android backdoor disguised as a harmless app that purports to help Persian speakers in Sweden get their driver's licences.

The app asks the user to grant a variety of permissions and, once they are accepted, starts several background services. One of these services is responsible for monitoring the device configuration, showing fake notifications, and collecting sensitive data.

The service also reads and stages the following data for upload:

    • Installed applications list
    • Accounts information
    • SMS messages
    • Contacts information

Further data is collected on demand when a command arrives from the group's server, including:

    • Voice recording – A 30-second recording by default.
    • Google credentials – The server triggers an authentication phishing attempt.
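A practitioner-side check that follows from the permission set described above (an added example, not Check Point's or the malware's code): a Python script that parses the output of "adb shell dumpsys package" and flags installed packages that hold SMS access together with the account, contact and microphone permissions a backdoor of this kind needs. The dumpsys text, the package names and the two-permission threshold are constructed assumptions for illustration; on a real device, feed it the actual dumpsys output.

```python
"""Triage a `dumpsys package` dump for apps holding the permission set a
2FA-stealing Android backdoor needs.

Added example, not Check Point's or the malware's code. SAMPLE_DUMPSYS is
CONSTRUCTED to mimic `adb shell dumpsys package` output; the package names
are invented.
"""
import re
from collections import defaultdict

# Permissions that together give an app the capabilities described in the
# article: read/intercept SMS, enumerate accounts, dump contacts, record audio.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SPY_PERMS = {
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
}

# Constructed sample: a plausible SMS app and an app asking for the whole set.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.messenger] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
  Package [se.example.korkort] (4d5e6f):
    userId=10124
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.GET_ACCOUNTS
      android.permission.READ_CONTACTS
      android.permission.RECORD_AUDIO
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.GET_ACCOUNTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")


def granted_permissions(dumpsys_text):
    """Map package name -> set of permissions reported as granted=true.
    Only the 'install'/'runtime' sections carry 'granted=', so lines in the
    'requested permissions' section are ignored automatically."""
    granted = defaultdict(set)
    current = None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = GRANT_RE.match(line)
        if m and current and m.group(2) == "true":
            granted[current].add(m.group(1))
    return dict(granted)


def suspicious_packages(dumpsys_text, min_spy_perms=2):
    """Return packages that can read SMS *and* hold at least `min_spy_perms`
    of the account/contact/audio permissions. The threshold is a heuristic
    (assumption): a legitimate SMS app rarely needs microphone and accounts."""
    hits = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        if perms & SMS_PERMS and len(perms & SPY_PERMS) >= min_spy_perms:
            hits[pkg] = sorted(perms & (SMS_PERMS | SPY_PERMS))
    return hits


if __name__ == "__main__":
    for pkg, perms in suspicious_packages(SAMPLE_DUMPSYS).items():
        print(f"{pkg}: {', '.join(perms)}")
```

The check keys on granted rather than requested permissions, since a denied request gives the app nothing; a hit is a lead for manual review of the package, not proof of compromise.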

The phishing attempt opens an accounts.google.com login page, and the backdoor captures the credentials the user types into it.

Once installed and granted its permissions, the Android backdoor can:

    • Steal existing SMS messages
    • Forward two-factor authentication SMS messages to a phone number provided by the attacker-controlled C&C server
• Retrieve personal information such as contacts and account details
    • Perform Google account phishing
    • Retrieve device information such as installed applications and running processes

The backdoor picks out 2FA messages by searching incoming SMS for the string "G-", the prefix Google puts on its verification codes, and forwards any match to the attackers. Because this is a plain substring match, the filter is tied to Google's code format rather than to 2FA messages in general.

Since the attacker is a politically motivated Iranian group, South African users are unlikely to be targeted.

    Tapiwa Matthew Mutisi has been covering blockchain technology, intelligent technologies, cryptocurrency, cybersecurity, telecommunications technology, sustainability, autonomous vehicles, and other topics for Innovation Village since 2017. In the years since, he has published over 4,000 articles — a mix of breaking news, reviews, helpful how-tos, industry analysis, and more. | Open DM on Twitter @TapiwaMutisi
