Android Users Beware: Your 2FA Code Can Be Stolen By Hackers Now


If you use two-factor authentication, aka 2FA, to add an extra layer of security to your logins and feel that it's foolproof, you need to pause and rethink.

It turns out that 2FA codes sent via SMS are not so safe after all, as they can easily be intercepted by hackers.

Check Point, a security firm, recently revealed that an Iranian hacking group has developed malware specifically for Android that can steal 2FA codes! Nicknamed 'Rampant Kitten' by the security firm, this hacker group has developed many such tools for the purpose of hacking.


Check Point believes that this group of threat actors is not new to the game. They are known to have been active for close to six years and have been taking part in an ongoing surveillance operation against various resistance movements such as the Association of Families of Camp Ashraf and Liberty Residents (AFALR), the Azerbaijan National Resistance Organization and the Balochistan people.

In these campaigns, Rampant Kitten favoured a wide range of malware families, including four different Windows infostealers and an Android backdoor that disguises itself inside malicious apps.

The Windows malware strains employed by this hacker group stole not only a victim's personal documents but also files from the desktop client of their Telegram account, along with files from the KeePass password manager.

That being said, it now seems that they are changing their strategy and focusing on exploiting Android users.

In the report published by Check Point, researchers highlighted that the Android backdoor developed by Rampant Kitten is extremely potent.


The backdoor can steal a victim's entire contacts list and SMS messages, record their activities via the microphone and show them phishing pages.

But here's where it gets interesting: the backdoor seemed to contain specific routines that were completely focused on stealing 2FA codes.

According to the Check Point researchers, this malware, if and when installed on a user's Android device, could intercept SMS messages that contained the "G-" string and then forward them to the attackers. Thus, it is quite alarming.

Check Point also pointed out that the malware can automatically forward all incoming SMS messages from Telegram and various other social network apps. These types of messages also tend to contain 2FA codes, and it is very likely that Rampant Kitten aims to bypass more than the 2FA of Google accounts.
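For defenders vetting an app before it reaches a device, the capabilities described above all have to be declared in the app's manifest. The following triage check is an added example, not code from the article or from Check Point; the permission and action names are standard Android ones, while the sample manifests, the package names and the review rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Capabilities the article attributes to the backdoor, mapped to the
# standard Android permissions an app has to declare to get them.
CAPABILITIES = {
    "read or intercept SMS": {"android.permission.RECEIVE_SMS",
                              "android.permission.READ_SMS"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "record microphone": {"android.permission.RECORD_AUDIO"},
}

def triage(manifest_xml):
    """Summarise SMS-related exposure declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name")
             for tag in ("uses-permission", "uses-permission-sdk-23")
             for el in root.iter(tag)}
    caps = sorted(c for c, needed in CAPABILITIES.items() if perms & needed)
    # Broadcast receivers that are handed every incoming SMS.
    receivers = [rcv.get(ANDROID + "name")
                 for rcv in root.iter("receiver")
                 if any(a.get(ANDROID + "name") == SMS_RECEIVED
                        for a in rcv.iter("action"))]
    # Assumed review rule: SMS access combined with another capability,
    # or any registered SMS receiver, deserves a manual look.
    sms = "read or intercept SMS" in caps
    return {"capabilities": caps, "sms_receivers": receivers,
            "review": (sms and len(caps) > 1) or bool(receivers)}

# Constructed sample manifests (not taken from the real malware).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.licencehelper">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```

The input is the text manifest produced by decoding an APK; a flagged result means the declared permissions are out of proportion for an app like the driver's-licence helper described here, not that the app is confirmed malicious.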

As of now, the malware has been found inside an Android app that poses as a service to help Persian speakers in Sweden get their driver's license.

Therefore, it is highly unlikely this has spread widely in various app stores. However, there's no confirmation that the same malware isn't lurking in other mainstream apps as well, so the situation still remains alarming.

With the introduction of this highly lethal malware, Rampant Kitten has now joined the ranks of APT20, a state-sponsored Chinese hacking group that, last year, became known for being able to bypass hardware-based 2FA solutions as well.

All in all, this report clearly shows that malware is now evolving at a rapid pace.

A month ago we reported how BlackRock, another lethal malware, had been infecting Android smartphones by posing as Google updates that ask for permission to observe one's device actions and retrieve window content.

So, it is well understood that smartphone users, especially Android users, need to be more aware and attentive than ever. We will keep you updated on all future developments. Until then, stay tuned.


  1. very soon, Android users will find out what the utopia ecosystem mobile app is… and try to steal something from them. Unless the phone itself.

