Singapore markets open in 2 hours 13 minutes
  • Straits Times Index

    2,525.61
    -3.03 (-0.12%)
     
  • S&P 500

    3,435.56
    -7.56 (-0.22%)
     
  • Dow

    28,210.82
    -97.97 (-0.35%)
     
  • Nasdaq

    11,484.69
    -31.80 (-0.28%)
     
  • BTC-USD

    13,077.08
    +2,020.07 (+18.27%)
     
  • CMC Crypto 200

    258.26
    +13.37 (+5.46%)
     
  • FTSE 100

    5,776.50
    -112.72 (-1.91%)
     
  • Gold

    1,928.90
    -0.60 (-0.03%)
     
  • Crude Oil

    40.02
    -0.01 (-0.02%)
     
  • 10-Yr Bond

    0.8160
    +0.0190 (+2.38%)
     
  • Nikkei

    23,639.46
    +72.42 (+0.31%)
     
  • Hang Seng

    24,754.42
    +184.88 (+0.75%)
     
  • FTSE Bursa Malaysia

    1,492.40
    -18.57 (-1.23%)
     
  • Jakarta Composite Index

    5,096.45
    -3.39 (-0.07%)
     
  • PSE Index

    6,278.59
    +165.88 (+2.71%)
     

Iranian hackers' Android malware spies on dissidents by stealing 2FA codes

Jon Fingas
·Associate Editor
·1-min read

It’s no secret that some countries have spied on their citizens through innocuous-looking apps, but one effort is more extensive than usual. Check Point Research has discovered (via ZDNet) that Rampant Kitten, an Iranian hacker group that has targeted the country’s political opponents for years, has developed Android malware focused on stealing two-factor authentication codes. It isn’t just focused on any one service, either — it targets Google, Telegram, and other major internet or social services.

The attackers first use a phishing trojan to collect login details, and then try those with the real site. If the victim has two-factor authentication turned on, the newly-reported malware intercepts the incoming SMS messages and quietly sends copies to the intruders.

The code also has tools to grab contacts, text message logs and even microphone audio, but it’s unusually centered around two-factor data. It has so far been found in an app pretending to help Persian speakers in Sweden get driver’s licenses, but it might be available in other apps.

This is an important discovery. Although it’s no secret that likely state-backed groups can get around two-factor requests, it’s difficult to see how those systems work. It also stresses the importance of using two-authentication systems that avoid SMS, such as hardware security keys. SMS is better than nothing, but it’s no longer a deterrent for the most determined intruders — whether they’re pro-government spies or everyday criminals.