Specializing in cybersecurity, Check Point has published a report in which it reveals the discovery of new malware. It is said to be the work of a group of Iranian hackers soberly dubbed Rampant Kitten, which literally translates to “Wild Kitten.”
According to the company, which specializes in cybersecurity solutions such as antivirus, this organization has been supported by the Iranian state since it began its activities – six years ago now. During all these years, the group has targeted minorities, groups opposed to the current government or local associations. Among the victims are, for example, the Organization of National Resistance of Azerbaijan and the Association of Families of Residents of Camp Ashraf and Liberty (AFALR), reports specialized media ZDNet.
The malware discovered by Check Point is not the only malware developed by the Rampant Kitten hackers, they also have malicious tools intended for Windows. This time, the malware is aimed at smartphones and more specifically Android.
Google accounts are affected, but not only
In its report, the company says the malware is a backdoor capable of stealing double authentication codes received by users on their Android smartphones. This is not all, as this tool is also capable of stealing the contacts or recording the voice conversations of the victim through the microphone.
To return to double authentication, Check Point reports that the malware can discreetly copy SMS with the famous codes – otherwise known as 2FA. Any messages that contain the G- string, assigned to Google, are sent back to attackers who can then quietly log into the victims’ Google accounts and steal and then use the personal data there. It can also help to set up phishing or spear-phishing attacks.
The malware does not specifically target Google accounts, but also the 2FA codes of other applications — including the encrypted messaging service Telegram. We can already imagine the consequences of this tool if a group of Iranian hackers managed to gain access to the private exchanges of a group of opponents or a political activist by bypassing double authentication in this way.
I am sorry that this post was not useful for you!
Let me improve this post!
Tell me how i can improve this post?