Security News > 2020 > September > Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
Researchers have uncovered a threat group launching surveillance campaigns that target victims' personal device data, browser credentials and Telegram messaging application files.
One notable tool in the group's arsenal is an Android malware that collects all two-factor authentication security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone's voice surroundings.
These include the TelB and TelAndExt variants, which focus on Telegram; a Python infostealer that is focused on stealing data from Telegram, Chrome, Firefox and Edge; and a HookInjEx variant, an infostealer that targets browsers, device audio, keylogging and clipboard data.
A Telegram bot was sending phishing messages warning recipients that they were making improper use of Telegram's services, and that their account will be blocked if they do not enter the phishing link.
News URL
https://threatpost.com/android-2fa-telegram-gmail/159384/
Related news
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links (source)