Iranian Hackers Create Bogus Android Apps To Steal 2FA SMS Codes

  • 06 Oct 2020
  • Hacks

With around 3.5 billion smartphone users worldwide, it's inevitable that the mobile app industry is booming. There are around 3 billion apps available for download across the Apple App Store and the Google Play Store for Android.

But are all apps legitimate to download with no ulterior motive behind them?

Usually, security experts recommend two-factor authentication as a way to add an extra layer of security to online accounts and services.

However, Iranian hackers, who are known to have targeted the country's political parties for years, have now developed Android malware that is focused on stealing two-factor authentication codes. The malware is clever enough to target major internet services, including Google, Telegram and many others. It comes as a backdoor in innocuous-looking applications and performs intrusive tasks, such as stealing information.


Details of the Hack

The group of Iranian hackers is nicknamed 'Rampant Kitten'. The group hid the malware in an app that pretends to help Persian speakers in Sweden get driver's licences. This raises questions about what other apps it could have been injected into. Going off Rampant Kitten's reputation, researchers believe the other apps carrying the malicious backdoor will be aimed at those opposing the Tehran regime.

A phishing trojan is used to collect login details from the app. If the victim chooses to use two-factor authentication, the malware intercepts the incoming SMS and relays the code back to the hackers, allowing them access to any of the victim's confidential data.

Not only does the app use phishing trojans, it also has the tools to collect contacts, messaging logs and microphone audio.

For applications operating through Google, the malware looks out for messages containing the "G-" string, which is the prefix the company uses for its 2FA codes when they are sent out. For the other services it affects, it automatically forwards all incoming messages related to gaining access to confidential information.
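The capability described above (a hidden SMS listener plus a channel to send the codes out) shows up in an app's manifest before it ever runs, so a defender can triage for it statically. The following is an added example, not code from the original article or from the researchers who analysed Rampant Kitten: it parses a constructed AndroidManifest.xml (the package name and receiver class are invented for illustration) and flags the combination of SMS permissions, an SMS_RECEIVED broadcast receiver and an exfiltration permission, alongside the contact and microphone access the article mentions.

```python
import xml.etree.ElementTree as ET

# Real Android namespace and permission/action names; the manifests below are constructed samples.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTIONS = {"android.provider.Telephony.SMS_RECEIVED"}
EXFIL_PERMISSIONS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Constructed manifest resembling a "driving licence helper" app that has no business reading SMS.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.driving.licence.helper">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <application>
        <receiver android:name=".SmsListener" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>"""

# Constructed benign manifest for contrast: network access only, no receivers.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application/>
</manifest>"""


def triage_manifest(xml_text: str) -> dict:
    """Return the package name, a list of capability findings and a simple risk score."""
    root = ET.fromstring(xml_text)
    name_attr = "{%s}name" % ANDROID_NS  # the android:name attribute, namespace-qualified

    perms = {e.get(name_attr) for e in root.iter("uses-permission")}
    # Receivers whose intent filter subscribes to incoming SMS broadcasts.
    sms_receivers = [
        r.get(name_attr)
        for r in root.iter("receiver")
        if any(a.get(name_attr) in SMS_ACTIONS for a in r.iter("action"))
    ]

    findings = []
    if perms & SMS_PERMISSIONS:
        findings.append("reads_sms")
    if sms_receivers:
        findings.append("sms_receiver:" + ",".join(sms_receivers))
    # The dangerous combination: it can see SMS codes and has a way to send them elsewhere.
    if (perms & SMS_PERMISSIONS or sms_receivers) and perms & EXFIL_PERMISSIONS:
        findings.append("sms_interception_with_exfil_channel")
    if "android.permission.READ_CONTACTS" in perms:
        findings.append("reads_contacts")
    if "android.permission.RECORD_AUDIO" in perms:
        findings.append("records_audio")

    return {"package": root.get("package"), "findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(manifest))
```

On a real device the same question can be asked of an installed package with `aapt dump permissions <apk>` or `adb shell dumpsys package <name>`; the point of the check is that a driving-licence helper asking for RECEIVE_SMS plus INTERNET is a mismatch between purpose and capability, whatever the store listing says.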


3 Ways to Check an App is Authentic

1. Check the Publisher & Developer
Before downloading an app, it's important to research the app publisher and get more information on the app. A quick Google search will bring up verified information on the developers of the app too. Scammers who copy established companies will usually use the same name but with small spelling errors. Such as - the legitimate web domain but the scammers will use or

2. Check app reviews, ratings and reputation
Authentic apps will have thousands of positive reviews, whereas a fake app will likely have no reviews, or reviews that have been posted multiple times. The scammers will use fake reviews that are usually short and generic. If you are still unsure after looking at the reviews, look at the developer to see if there are more apps developed by the same company; the more apps a company has developed, the more likely it is to be authentic.

3. Check an app's publish date
Authentic apps are updated regularly, showing they have been around for a while and that the software is being updated to improve the user experience. Updates usually change the appearance of an app so that users can see the improvements, whereas fake apps will have little or no updates and will show no difference in appearance, as the updates have not taken place or the update isn't legitimate.
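The three checks above can be turned into a repeatable screening step rather than a gut feeling. The code below is an added example, not from the original article: it scores a constructed store listing against a small list of known publisher names (the two names and all the review text, counts and dates are invented for illustration) and reports the same signals the article describes, namely a publisher name that is a near-miss of a known one (small spelling difference, measured by edit distance), few or duplicated and generic reviews, a developer with only one app, and a listing that has not been updated for a long time.

```python
from datetime import date

# Constructed list of publisher names the screen treats as trusted; extend from the real store.
KNOWN_PUBLISHERS = ["Google LLC", "Telegram Messenger"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: number of single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_listing(listing: dict, known_publishers: list, today: date) -> list:
    """Return a list of warning flags for a store listing; an empty list means nothing stood out."""
    flags = []
    pub = listing["publisher"]

    # Check 1: a name that is almost, but not exactly, a known publisher is a classic lookalike.
    if pub not in known_publishers:
        for known in known_publishers:
            if 0 < levenshtein(pub.lower(), known.lower()) <= 2:
                flags.append("publisher_lookalike:" + known)

    # Check 2: review volume, duplicated reviews, short generic reviews, single-app developer.
    reviews = listing["reviews"]
    if listing["review_count"] < 50:
        flags.append("few_reviews")
    if reviews and len(set(reviews)) < len(reviews):
        flags.append("duplicate_reviews")
    short = sum(1 for r in reviews if len(r.split()) <= 3)
    if reviews and short / len(reviews) >= 0.5:
        flags.append("generic_short_reviews")
    if listing["developer_app_count"] <= 1:
        flags.append("single_app_developer")

    # Check 3: an app that has not been updated in over a year.
    if (today - listing["last_update"]).days > 365:
        flags.append("stale_or_never_updated")

    return flags


# Constructed listings: one lookalike, one that matches what a genuine listing looks like.
LOOKALIKE_LISTING = {
    "publisher": "Googel LLC",
    "review_count": 7,
    "reviews": ["Great app", "Great app", "Nice", "Works good", "Great app", "Nice", "Good"],
    "developer_app_count": 1,
    "last_update": date(2019, 1, 15),
}
GENUINE_LISTING = {
    "publisher": "Google LLC",
    "review_count": 250000,
    "reviews": [
        "Been using this for years, the latest update made search much faster on my tablet.",
        "Solid app but the dark theme still has contrast issues in the settings screen.",
        "Sync finally works reliably again after the September release.",
    ],
    "developer_app_count": 40,
    "last_update": date(2020, 9, 28),
}

if __name__ == "__main__":
    today = date(2020, 10, 6)  # the article's date, used as the reference point
    print(assess_listing(LOOKALIKE_LISTING, KNOWN_PUBLISHERS, today))
    print(assess_listing(GENUINE_LISTING, KNOWN_PUBLISHERS, today))
```

The thresholds (edit distance of 2, fewer than 50 reviews, a year without updates) are starting points, not store policy; the value of the screen is that a listing tripping several flags at once deserves the manual look the article recommends before anything is installed.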

Always double-check what you're downloading on your devices to make sure you aren't opening up your device to malware. Stay protected and be cyber aware.
