Security researchers from Check Point found ongoing malware campaigns targeting Iranian citizens. The campaign reportedly uses socially engineered SMS messages to infect tens of thousands of victims’ devices.
The researchers stated that attackers leveraged specially crafted messages to impersonate officials from the Iranian government to trick victims into downloading malicious Android applications that steal credit card data, personal messages, and two-factor authentication codes. Once attackers get hold of the data, they make unauthorized money withdrawals and turn each infected device into a bot to spread the malware to other devices.
The threat actors used the smishing technique to distribute the malware. In smishing attacks, fraudsters send a specially crafted SMS message that pressures the recipient into clicking a malicious URL embedded in the text. In addition, the attackers used multiple Telegram channels to promote and sell their malicious tools.
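The smishing pattern described above (an SMS with an embedded link that leads to an Android app download) can be triaged on the receiving side. The following is an added example, not code from Check Point or from the article: a small Python heuristic that extracts URLs from SMS text and scores them on indicators such as a direct `.apk` download, a raw IP address as host, a URL shortener, plain HTTP, and lure wording. The sample messages, placeholder URLs, indicator list and weights are all constructed assumptions for illustration; a real deployment would tune them against observed traffic.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages; the hosts are documentation/placeholder values,
# not indicators from the campaign.
SAMPLE_SMS = [
    "Your complaint has been registered. Download the official app to track it: http://198.51.100.7/gov-app.apk",
    "Court notice: you have 24 hours to respond. Open https://bit.ly/example-placeholder now",
    "Reminder: dentist appointment tomorrow at 10:00.",
    "Package delivered. Track at https://www.example.com/track/12345",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumed shortener list; extend from your own telemetry.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
# Assumed lure vocabulary mimicking "official notice" style pressure.
LURE_WORDS = ("official", "court", "notice", "government", "24 hours", "now", "complaint")


def extract_urls(text):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(text)


def is_ip_host(host):
    """True when the host part is a dotted-quad IPv4 literal."""
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None


def score_sms(text):
    """Return (score, reasons); higher score = more smishing-like.

    Messages without any URL score 0: the technique relies on the link.
    """
    urls = extract_urls(text)
    if not urls:
        return 0, []
    score = 0
    reasons = []
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(".apk"):
            score += 3
            reasons.append("direct APK download link")
        if is_ip_host(host):
            score += 2
            reasons.append("raw IP address as host")
        if host in SHORTENER_HOSTS:
            score += 2
            reasons.append("URL shortener hides destination")
        if parsed.scheme.lower() == "http":
            score += 1
            reasons.append("plain HTTP link")
    lowered = text.lower()
    # Whole-word match so "now" does not fire on "know" or "snow".
    hits = [w for w in LURE_WORDS if re.search(r"\b" + re.escape(w) + r"\b", lowered)]
    if hits:
        score += len(hits)
        reasons.append("lure wording: " + ", ".join(hits))
    return score, reasons


def triage(messages, threshold=4):
    """Return (message, score, reasons) for every message at or above threshold."""
    flagged = []
    for msg in messages:
        score, reasons = score_sms(msg)
        if score >= threshold:
            flagged.append((msg, score, reasons))
    return flagged


if __name__ == "__main__":
    for msg, score, reasons in triage(SAMPLE_SMS):
        print(f"[{score}] {msg}")
        for r in reasons:
            print("    -", r)
```

The scoring is deliberately additive and transparent so an analyst can see which indicator fired; the APK-link indicator carries the most weight because sideloading an app from a link is the step that turns a text message into an infected device.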
“For $50-$150, the threat actors provide a full ‘Android Campaign Kit’ including the malicious application and underlying infrastructure, with a control panel that can be easily managed by any unskilled attacker via a simple Telegram bot interface,” the researchers said.
The Android backdoor used in this campaign is capable of:
Check Point suspects that the campaign has compromised and installed malware on tens of thousands of Android devices, resulting in the theft of billions of Iranian Rials from victims, with estimates of $1,000 to $2,000 per victim.
Alexandra Gofman, Threat Intelligence Team Leader at Check Point Software, said, “The general population of Iran is in a growing situation where cyberattacks significantly impact day-to-day lives. These attacks began with the railways, which we traced to a group called Indra. The attacks continued with gas stations and then the national aviation company. Now, we’re seeing yet another cyberattack that shows how even pure cybercrime can make headlines and chaos, hurting many in Iran. Although we do not see a direct connection between these latest cyberattacks and the aforementioned major attacks, our latest insights show how even unsophisticated cyberattacks significantly damage Iran’s general population. We believe these recent cyberattacks to be financially motivated and a form of pure cybercrime. We suspect the threat actors involved are likely from Iran itself.”
The post Threat Actors Leverage Smishing to Target Iran Citizens appeared first on CISO MAG | Cyber Security Magazine.