Android Users Beware: Your 2FA Code Can Be Stolen By Hackers Now

Must Read

The Growth of OTT: Blip in the Radar Or a Real Threat to Traditional TV?

People are attached to their smartphones way more than they're to any other gadget. In fact, the average person...

Are You A Gaming Geek: ‘Five Commandments’ Before You Buy Video Games Online !

Does your day start with joysticks instead of coffee mugs? Or as a kid your best friends were the...

Top Softwares for Business in 2021 That Every Startup Entrepreneur Must Use

In the conditions of the global pandemic and economic crisis, small and medium-sized businesses face different problems and do...

If you are someone who makes use of two-factor authentication, aka 2FA, to add that extra layer of security on logins and feel that it’s foolproof, you need to pause and rethink.

Well, it turns out that 2FA codes which are sent via SMS are not so very safe after all as they can easily be intercepted by hackers.

Check Point which is a security firm recently revealed that an Iranian hacking group has developed a malware specifically for Android which can steal 2FA codes! Nicknamed as ‘Rampant Kitten’ by the security firm, this hacker group has developed many such tools for the purpose of hacking.


Check Point believes that this group of threat actors are not new to the game. They are known to be active for close to six years and have been partaking in an ongoing surveillance operation against various resistance moments such as Association of Families of Camp Ashraf and Liberty Residents (AFALR), Azerbaijan National Resistance Organization and the Balochistan people.

In these campaigns, Rampant Kittens favoured the use of a wide range of malware families which include four different Windows infostealers and an Android backdoor which disguises itself inside malicious apps.

The Windows malware strains employed by this hacker group not only stole a victim’s personal documents but also files from the desktop client of their Telegram account along with files from KeePass Password manager.

That being said, now it seems like they are changing up their strategy and focusing on exploiting Android users.

In the report published Check Point researchers, they highlighted that the Rampant Kittens’ developed Android backdoor is extremely potent. 


The backdoor has the ability to steal a victim’s entire contacts list and SMS messages along with recording their activities via the microphone and showing them phishing pages.

But here’s where it gets interesting – the backdoor seemed to be containing specific routines that were completely focused on stealing 2FA codes.

According to the researchers of Check Point, this malware, if and when installed on a user’s Android device, could intercept SMS messages that contained the “G-” string and then forward it to the attackers. Thus, it is quite alarming.

Check Point also pointed out the fact that they have uncovered the malware’s ability to automatically forward all incoming SMS messages from Telegram and various other social network apps. These types of messages also tend to contain 2FA codes and it is very likely that Rampant Kittens aims to bypass more than the 2FA of Google accounts.

As of now, the malware has been found inside an Android app which poses as a service to help Persian regional speakers in Sweden to get their driver’s license. 

Therefore, it is highly unlikely this has spread widely in various app stores. However, there’s no confirmation on the fact if the same malware isn’t lurking around other mainstream apps as well, so the situation still remains alarming.

With the introduction of this highly lethal malware, Rampant Kitten has now joined the ranks of APT20 which is a state-sponsored Chinese hacking group that, last year, became known for being able to bypass hardware-based 2FA solutions as well.

All in all, this report clearly shows that malwares are now evolving at a rapid pace.

A month ago we reported how BlackRock, another lethal malware had been infecting Android smartphones by posing as Google updates that ask for permission to observe one’s device actions and retrieve window content.

So, it is well understood that smartphone users, especially Android users, need to be aware and attentive more than ever. We will keep you updated on all future developments. Until then, stay tuned.


  1. very soon, Android users will find out what the utopia ecosystem mobile app is… and try to steal something from them. Unless the phone itself.


Please enter your comment!
Please enter your name here

Latest News

Apple AirTag: An Effective Tool For Thieves To Steal Cars

Thieves have left no stone unturned to make the most of every new technology invented. No matter how hard...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded and unparalleled...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter, with a...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one of the...

More Articles Like This