Security News > 2020 > September > Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files.

One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.

The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone's voice surroundings.

These include the TelB and TelAndExt variants, which focus on Telegram; a Python infostealer that is focused on stealing data from Telegram, Chrome, Firefox and Edge; and a HookInjEx variant, an infostealer that targets browsers, device audio, keylogging and clipboard data.

A Telegram bot was sending phishing messages warning recipients that they were making improper use of Telegram's services, and that their account will be blocked if they do not enter the phishing link.

News URL

https://threatpost.com/android-2fa-telegram-gmail/159384/