Security News > 2020 > December > Iranian RANA Android Malware Also Spies On Instant Messengers
A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant-developed by a sanctioned Iranian threat actor-that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.
In September, the US Department of the Treasury imposed sanctions on APT39 - an Iranian threat actor backed by the country's Ministry of Intelligence and Security - for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.
Formally linking the operations of APT39 to Rana, the FBI detailed eight separate and distinct sets of previously undisclosed malware used by the group to conduct their computer intrusion and reconnaissance activities, including an Android spyware app called "Optimizer.apk" with information-stealing and remote access capabilities.
"The APK implant had information stealing and remote access functionality which gained root access on an Android device without the user's knowledge," the agency stated.
Besides featuring support for receiving commands sent via SMS messages, the latest variant of "Optimizer" malware referenced by the FBI abused accessibility services to access contents of instant messaging applications such as WhatsApp, Instagram, Telegram, Viber, Skype, and an unofficial Iran-based Telegram client called Talaeii.
News URL
Related news
- SoumniBot malware exploits Android bugs to evade detection (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Iranian hackers pose as journalists to push backdoor malware (source)
- Finland warns of Android malware attacks breaching bank accounts (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Android malware Grandoreiro returns after police disruption (source)