Security company Check Point Research has unveiled a hacking campaign that includes cyberattacks by Iranian government officials to infect Iranian citizens' mobile devices via SMS.
The SMS messages urge victims to download Android apps related to official Iranian services, such as Iran's Electronic Judicial Services. The first SMS usually claims that a complaint has been lodged against the victim and that a request needs to be received to respond.
Once downloaded, the applications allow hackers to access the victim's personal messages. Victims are asked to enter their credit card information to cover a service charge, giving attackers access to card information that they can then use. By accessing a victim's personal messages, intruders can bypass two-factor authentication.
Check Point Research said the campaign is ongoing and is being used to infect tens of thousands of devices. Iranian citizens have used social media to complain about fraud. Some Iranian media outlets have reported on the issue.
Check Point's Shmuel Cohen said that in one campaign, more than 1,000 people downloaded the malware in less than 10 days. Even if they did not enter their credit card details, their device became part of the botnet.
Alexandra Gofman, head of the threat intelligence team at Check Point, told ZDNet that the attacks appeared to be a form of cybercrime and were not attributed to any state-backed agent.
The speed and spread of these cyber attacks is unprecedented, Gofman said, adding that it is an example of a successful campaign aimed at the general public.
Check Point explained that the cybercriminals behind the attack use a technique known as "smishing botnets": devices that have already been compromised are used to send SMS messages to other devices.
The people behind the technique now offer it to others on Telegram for up to $150, giving anyone with the infrastructure the ability to launch similar attacks effortlessly. Although Iranian police have been able to apprehend one of the culprits, there are dozens of different cybercriminals in Iran who are currently using the tool.
The company estimates that about $1,000 to $2,000 has been stolen from most of the victims. The intruders also offer the stolen personal information to others online.
Gofman added that the general population of Iran is now in a situation where cyber attacks significantly affect their daily lives.
Source of information: zdnet.com