Android Users Beware: Your 2FA Code Can Be Stolen By Hackers Now

If you are someone who makes use of two-factor authentication, aka 2FA, to add that extra layer of security on logins and feel that it’s foolproof, you need to pause and rethink.

Well, it turns out that 2FA codes sent via SMS are not so safe after all, as they can easily be intercepted by hackers.

Check Point, a security firm, recently revealed that an Iranian hacking group has developed malware specifically for Android that can steal 2FA codes! Nicknamed ‘Rampant Kitten’ by the security firm, this hacker group has developed many such tools for the purpose of hacking.

Check Point believes that this group of threat actors is not new to the game. They are known to have been active for close to six years and have been partaking in an ongoing surveillance operation against various resistance movements such as the Association of Families of Camp Ashraf and Liberty Residents (AFALR), the Azerbaijan National Resistance Organization and the Balochistan people.

In these campaigns, Rampant Kitten favoured the use of a wide range of malware families, which include four different Windows infostealers and an Android backdoor which disguises itself inside malicious apps.

The Windows malware strains employed by this hacker group not only stole a victim’s personal documents but also files from the desktop client of their Telegram account, along with files from the KeePass password manager.

That being said, now it seems like they are changing up their strategy and focusing on exploiting Android users.

In the report published by Check Point, the researchers highlighted that the Android backdoor developed by Rampant Kitten is extremely potent.

The backdoor has the ability to steal a victim’s entire contacts list and SMS messages along with recording their activities via the microphone and showing them phishing pages.

But here’s where it gets interesting: the backdoor appeared to contain specific routines that were completely focused on stealing 2FA codes.

According to the Check Point researchers, this malware, if and when installed on a user’s Android device, could intercept SMS messages that contained the “G-” string and then forward them to the attackers. Thus, it is quite alarming.

Check Point also pointed out that they have uncovered the malware’s ability to automatically forward all incoming SMS messages from Telegram and various other social network apps. These types of messages also tend to contain 2FA codes, and it is very likely that Rampant Kitten aims to bypass more than the 2FA of Google accounts.
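The capabilities described above (SMS interception, contact theft, microphone recording) each require a declared Android permission, so a reviewer can triage an app from its manifest. The following is an added example, not code from the article or from Check Point's report; it assumes the manifest has already been decoded to text XML, and the package names and receiver name in the samples are constructed. A match is a reason to inspect the app further, not proof of malice.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Capabilities named in the article, mapped to the permissions that grant them.
CAPABILITIES = {
    "read or intercept SMS": {"android.permission.RECEIVE_SMS",
                              "android.permission.READ_SMS"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "record microphone": {"android.permission.RECORD_AUDIO"},
}
# Constructed sample manifests (not taken from any real app).
SAMPLE_FLAGGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.licencehelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return (capabilities requested, [(receiver name, priority)] for SMS receivers)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    capabilities = sorted(cap for cap, perms in CAPABILITIES.items()
                          if perms & requested)
    receivers = []
    for recv in root.iter("receiver"):
        for flt in recv.iter("intent-filter"):
            if any(a.get(A + "name") == SMS_RECEIVED for a in flt.iter("action")):
                prio = flt.get(A + "priority", "0")
                prio = int(prio) if prio.lstrip("-").isdigit() else 0
                receivers.append((recv.get(A + "name"), prio))
    return capabilities, receivers

def is_suspicious(manifest_xml):
    """Flag apps that can read SMS and also hold another surveillance capability."""
    caps = triage_manifest(manifest_xml)[0]
    return "read or intercept SMS" in caps and len(caps) >= 2
```

A high `android:priority` on the SMS receiver is worth noting in review because it indicates the app wants to see incoming messages ahead of other receivers.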

As of now, the malware has been found inside an Android app which poses as a service to help Persian regional speakers in Sweden to get their driver’s license. 

Therefore, it is highly unlikely this has spread widely in various app stores. However, there is no confirmation that the same malware isn’t lurking in other mainstream apps as well, so the situation still remains alarming.

With the introduction of this highly lethal malware, Rampant Kitten has now joined the ranks of APT20, a state-sponsored Chinese hacking group that, last year, became known for being able to bypass hardware-based 2FA solutions as well.

All in all, this report clearly shows that malware is now evolving at a rapid pace.

A month ago, we reported how BlackRock, another lethal malware, had been infecting Android smartphones by posing as Google updates that ask for permission to observe one’s device actions and retrieve window content.

So, it is well understood that smartphone users, especially Android users, need to be aware and attentive more than ever. We will keep you updated on all future developments. Until then, stay tuned.

1 COMMENT

  1. very soon, Android users will find out what the utopia ecosystem mobile app is… and try to steal something from them. Unless the phone itself.
