Cybersecurity company Check Point has released a report revealing the discovery of a new piece of malware. It is attributed to a group of Iranian hackers that Check Point has soberly christened Rampant Kitten, which translates literally as "wild kitten".
According to the company, which specializes in cybersecurity solutions such as antivirus, this organization has been supported by the Iranian state since it began its activities six years ago. Throughout those years the group has targeted minorities, groups that oppose the current government, and local associations. The victims include, for example, the Azerbaijan National Resistance Organization and the Association of Families of Camp Ashraf and Liberty Residents (AFALR), reports the specialist outlet ZDNet.
The malware that Check Point discovered is not the only one developed by the Rampant Kitten hackers; the group also has malicious tools for Windows. This time, however, the malware targets smartphones, and Android in particular.
Google accounts are affected, but not only those
In its report, the company points out that the malware is a backdoor that can steal the two-factor authentication codes that users receive on their Android smartphones. That is not all: the tool can also steal contacts and record the victim's voice conversations through the microphone.
Check Point returns to two-factor authentication, also known as 2FA, and reports that the malware can discreetly copy the text messages that carry those one-time codes. Every message containing the "G-" prefix that Google puts in front of its verification codes is forwarded to the attackers, who can then quietly log into the victims' Google accounts and steal, and later use, the personal data stored there. The stolen data can also serve as a basis for targeted attacks such as phishing or spear phishing.
The malware does not target only Google accounts; it also captures 2FA codes from other applications, including the encrypted messaging service Telegram. It is easy to imagine the consequences if a group of Iranian hackers succeeded in accessing the private exchanges of a group of opponents or of a political activist by bypassing two-factor authentication in this way.