Iranian hacking group used Android malware to steal 2FA codes
Two-factor authentication (2FA) only adds a real extra layer of account security if the device that receives the verification code is itself uncompromised. Otherwise the code can be stolen and 2FA effectively bypassed, which is exactly what a group of Iranian hackers has been uncovered doing for years while targeting Iranian dissidents and activists.

According to researchers at Check Point, the Iranian group tracked as Rampant Kitten has developed an Android backdoor, hidden inside malicious apps, that gives it remote access to a victim's Android device.

Once the backdoor gains a foothold on a device, it lets Rampant Kitten read the contact list and text messages, spy on the user via the microphone, and even send texts. That last capability is what lets the group steal 2FA verification codes: the backdoor simply waits for a verification code to arrive in the SMS inbox and forwards it to the group.

Besides stealing 2FA codes, the backdoor can also force the device to display phishing pages that impersonate services such as Telegram, luring unsuspecting users into entering their usernames and passwords.
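The two capabilities described above (reading incoming SMS plus a way to get the code off the device, and drawing phishing pages over other apps) leave a permission footprint that can be triaged from an `adb shell dumpsys package <pkg>` excerpt. The helper below is an added example, not code from the article or from Check Point; the dumpsys layout, the package name and the default SMS app package are all constructed assumptions.

```python
import re

# Constructed sample shaped like `adb shell dumpsys package <pkg>` on Android 8+
# (the exact layout is an assumption; it varies across Android versions).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fakeupdate] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.SEND_SMS: granted=false, flags=[ USER_SET]
"""

SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
EXFIL = {"android.permission.SEND_SMS", "android.permission.INTERNET"}
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

def package_name(dump):
    m = re.search(r"Package \[([\w.]+)\]", dump)
    return m.group(1) if m else None

def requested_permissions(dump):
    m = re.search(r"requested permissions:\n((?:\s+android\.permission\.\w+\n)+)", dump)
    return set(m.group(1).split()) if m else set()

def granted_permissions(dump):
    # Install and runtime sections both print "<perm>: granted=true|false".
    return set(re.findall(r"(android\.permission\.\w+): granted=true", dump))

def triage(dump, default_sms_app="com.android.messaging"):
    """Return finding tags for one package's dumpsys excerpt."""
    pkg = package_name(dump)
    granted = granted_permissions(dump)
    findings = []
    # The default SMS app legitimately reads and sends texts; any other app that
    # can both read incoming SMS and move data off the device fits the
    # code-forwarding pattern described in the article.
    if pkg != default_sms_app and granted & SMS_READ and granted & EXFIL:
        findings.append("sms-interception")
    # Draw-over-apps is what a phishing page over Telegram needs; its real grant
    # state lives in appops, so only the request is checked here.
    if OVERLAY in requested_permissions(dump):
        findings.append("overlay-capable")
    return findings
```

Run it over each installed package's dumpsys output and review the flagged ones by hand; a permission match is a lead, not proof of compromise.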

Via: ZDNet