Security News > 2020 > September > Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files.
One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone's voice surroundings.
These include the TelB and TelAndExt variants, which focus on Telegram; a Python infostealer that is focused on stealing data from Telegram, Chrome, Firefox and Edge; and a HookInjEx variant, an infostealer that targets browsers, device audio, keylogging and clipboard data.
A Telegram bot was sending phishing messages warning recipients that they were making improper use of Telegram's services, and that their account will be blocked if they do not enter the phishing link.
News URL
https://threatpost.com/android-2fa-telegram-gmail/159384/
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)