Security company Check Point Research has uncovered a hacking campaign that involves cyberattackers impersonating Iranian government bodies to infect the mobile devices of Iranian citizens through SMS messages.
The SMS messages urge victims to download Android applications related to official Iranian services, such as the Iranian Electronic Judicial Services. The first messages typically claim that a complaint has been filed against the victim and that an application needs to be downloaded in order to respond.
Once downloaded, the applications allow hackers to access the victim’s personal messages. Victims are asked to enter credit card information to cover a service fee, which hands the attackers card details they can then use. With access to a victim’s personal messages, the attackers can also get past two-factor authentication.
Check Point Research said the campaign is ongoing and is being used to infect tens of thousands of devices. In addition to the Check Point report, Iranian citizens have taken to social media to complain about the scams. Some Iranian news outlets are also covering the issue.
“The threat actors then proceed to make unauthorized money withdrawals and turn each infected device into a bot, spreading the malware to others. CPR attributes attacks to threat actors, likely