Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns
2021-12-02 19:39

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts.

"The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point researcher Shmuel Cohen said in a new report published Wednesday.

The cybersecurity firm said it uncovered several hundred different phishing Android applications that masqueraded as device tracking apps, Iranian banks, dating and shopping sites, cryptocurrency exchanges, and government-related services. The botnets are sold as a "Ready-to-use mobile campaign kit" on Telegram channels for between $50 and $150.

The smishing botnet's infection chain commences with a fake notification from the Iranian Judiciary urging recipients to review a supposed complaint filed against them.

The malware comes with a wealth of capabilities that allow it to exfiltrate all SMS messages received by a device to an attacker-controlled server, hide its icon from the home screen to thwart attempts to remove the app, deploy additional payloads, and acquire worm-like powers to expand its attack surface and spread custom smishing messages to a list of phone numbers retrieved from the server.

"This allows the actors to distribute phishing messages from the phone numbers of typical users instead of from a centralized place and not be limited to a small set of phone numbers that could be easily blocked," Cohen explained.

Making matters worse, the attackers behind the operation have been found to practice poor operational security, making it possible for any third party to freely access the phone numbers, contacts, SMS messages, and the list of all the online bots hosted on their servers.


News URL

https://thehackernews.com/2021/12/researchers-warn-iranian-users-of.html