Security News > 2021 > December > Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users

Attackers are impersonating the Iranian government in a widespread SMS phishing campaign that is defrauding thousands of Android users by installing malware on their devices that can steal their credit card data and siphon money from financial accounts.

The campaign is first delivered as a standard smishing attack, using socially engineered SMS messages sent to a potential victim's device to lure them to a malicious website, researchers said.

What's been impressive about the campaign is its ability of attackers to defraud so many people of so much money, researchers said.

The malware delivered to targets via the malicious site has a number of backdoor capabilities that allow attackers to steal money from people's accounts, maintain persistence on their devices, and allow attackers to take over device functionality, researchers reported.

The attack typically begins with an SMS message from an electronic judicial notification system that notifies the victim that a new complaint was opened against them-which in Iran, is not something to be ignored, researchers said.

The malware payload of the campaign also has been installed on a person's device at this point, allowing the attacker to proceed with further theft and other malicious activity.

News URL

https://threatpost.com/smishing-campaign-iranian-android-users/176679/