A malware that steals the dual-factor authentication code

A malware that steals the dual-factor authentication code

September 29, 2020 Off By admin

Multi-factor authentication is now one of the most effective access security protocols.

This protects access and also allows you to connect without fear of phishing attempts. Especially when you want to connect via another device. The application of dual-factor authentication is extended across several financial sectors. From banking to social networks to administrative utilities.

This article will also interest you: Google Authentificator: a malicious computer program would be able to steal the codes of dual-factor authentication

Additional method added through dual-factor authentication is simply to confirm your status after entering the password through a code that is generated automatically and sending by text or email. In other words, even if the cybercriminal manages to steal the password, it will be difficult for him to get his hands on the authentication code that is generated instantly and send by email to text.

But this reality is likely to change. Indeed, it would appear that there is a malicious program that could break dual-factor authentication.

Last Friday computer security researchers together who discovered it a group of Iranian cyber criminals had managed to develop a new Android malware that would be able to bypass the famous authentication. And this by stealing the codes sent by SMS to for the second check. This hacker group calls itself "Rampant Kitten". It would have been in operation for 6 years now. According to some reports, it is affiliated with the Iranian government and in this context tasked with carrying out certain surveillance operations of potential enemies of the country, organizations such as the organization of the National Resistance of Azerbaijan or the one that fights for the people of Balochistan.

The discovery of this new malware was made by the cybersecurity specialists at CheckPoint Research. They explain this in a report published last Friday. Apparently a backdoor was created by it's computer on Android. Thanks to this opening, it can easily access some of the look of smartphones for our Android devices such as Contacts and text messages. They would also be able to activate the microphone of smartphones and spy on users. And of course the ability to easily grab the codes for multi-factor authentication.

At the moment, we know that the priority of cyber criminals is to target In particular Google services. Indeed, checkpoint researchers claimed that the malware is currently focused on dual authentication messages "containing the "G-chain," a prefix used on all verification messages sent by Google. In practice, the target should be users of services such as Google Drive, Gmail, etc.

To begin with cyber criminals proceeds through a classic phishing tactic. They produce a fake page of the Relevant Google service. They are simply waiting for the user to enter the credentials necessary to access their account. With the activation of dual-factor authentication, the direct computer takes advantage to introduce into the smartphone of their target through a text message a Trojan horse. Malware that will give them access to the message. They will therefore be able to retrieve the identification code sent second for dual authentication.

However, researchers at the cybersecurity company have pointed out that this malware is not typically intended for the Google service although at the moment it seems that it is only in this environment that it focuses. But it seems that hackers are using to get around the dual authentication imposed by the Telegram messaging app of other social networks such as Facebook or even Twitter. It should therefore be remembered that the Iranian hacker group "Rampant Kitten" you are not the only hacker team to succeed in breaking the double authentication. In 2019, the APT20 group was also tipped to circumvent this security protocol. However, putting it into practice under real conditions is not as simple as it sounds. But the risk is not to be overlooked. If this protocol is so targeted by cybercriminals, it is surely that in a certain sense its effectiveness is proven.

Now access an unlimited number of passwords:

Check out our hacking software