Iranian RANA Android Malware Also Spies On Instant Messengers
2020-12-07 06:57

A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant - developed by a sanctioned Iranian threat actor - that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.

In September, the US Department of the Treasury imposed sanctions on APT39 - an Iranian threat actor backed by the country's Ministry of Intelligence and Security - for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.

Formally linking the operations of APT39 to Rana, the FBI detailed eight separate and distinct sets of previously undisclosed malware used by the group to conduct their computer intrusion and reconnaissance activities, including an Android spyware app called "Optimizer.apk" with information-stealing and remote access capabilities.

"The APK implant had information stealing and remote access functionality which gained root access on an Android device without the user's knowledge," the agency stated.

Besides featuring support for receiving commands sent via SMS messages, the latest variant of "Optimizer" malware referenced by the FBI abused accessibility services to access contents of instant messaging applications such as WhatsApp, Instagram, Telegram, Viber, Skype, and an unofficial Iran-based Telegram client called Talaeii.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/wzY33uhZXs4/iranian-rana-android-malware-also-spies.html

Related vendor (last 12 months)

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |