The anonymous group, nicknamed ‘Rampant Kitten’ has created an Android backdoor that can steal 2FA codes, and can run phishing programs on Telegram
Check Point research has given news about an Iranian hacker group that has developed tools for stealing information from Windows systems, Telegram and also through SMS. As per the researchers at Check Point, the tools were put to test against Iranian minorities, anti-regime organisations and resistance movements.
What’s their objective?
The group, nicknamed “Rampant Kitten” has been active for about six years. Check Point revealed the tool that they have created, one of which is four variants of Windows infostealers that can steal a user’s personal documents. It will also get them access to the user’s Telegram desktop app, and KeePass account information.
They have also developed an Android backdoor which can extract two-factor authentication codes from SMS messages. They have disguised the backdoor as an app that helps Persian speakers in Sweden get their driver’s license. As per 2FA, they are also able to access the user’s contacts and account details, device information and active voice recording. Google account phishing attacks can also be performed.
Telegram is also one of their favourite haunts. They even got as far as posing as the official Telegram account and gave out phishing pages. Just like the real account, they started off with sending messages about new updates. After a few days, they will start with the phishing messages. The messages would be warnings stating that the accounts were reported for misusing Telegram, and that they would have to verify it by clicking on a link.
As per Check Point, the group’s current objective seems to be able to understand the behaviour and activities of the users.
(Cover: Getty)