Security firm Check Point said it uncovered an Iranian hacking group that has developed special Android malware capable of intercepting and stealing two-factor authentication (2FA) codes sent via SMS.
The malware was part of an arsenal of hacking tools developed by a hacker group the company has nicknamed Rampant Kitten.
Check Point says the group has been active for at least six years and has been engaged in an ongoing surveillance operation against Iranian minorities, anti-regime organizations, and resistance movements such as:
These campaigns involved the use of a wide spectrum of malware families, including four variants of Windows infostealers and an Android backdoor disguised inside malicious apps.
- Association of Families of Camp Ashraf and Liberty Residents (AFALR)
- Azerbaijan National Resistance Organization
- the Balochistan people