{"id":44298,"date":"2021-12-07T00:38:54","date_gmt":"2021-12-07T00:38:54","guid":{"rendered":"http:\/\/b51d7fef-bd04-44e9-aea3-e5d410d2e387"},"modified":"2021-12-07T00:38:54","modified_gmt":"2021-12-07T00:38:54","slug":"hackers-pretending-to-be-iranian-govt-use-sms-messages-to-steal-credit-card-info-create-botnet","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hackers-pretending-to-be-iranian-govt-use-sms-messages-to-steal-credit-card-info-create-botnet\/","title":{"rendered":"Hackers pretending to be Iranian govt use SMS messages to steal credit card info, create botnet"},"content":{"rendered":"

Security company Check Point Research has uncovered<\/a> a hacking campaign that involves cyberattackers impersonating Iranian government bodies to infect the mobile devices of Iranian citizens through SMS messages. <\/p>\n

The SMS messages urge victims to download Android applications related to official Iranian services, such as the Iranian Electronic Judicial Services. The first messages typically claim that a complaint has been filed against the victim and that an application needs to be downloaded in order to respond. <\/p>\n

Once downloaded, the applications allow hackers to access the victim’s personal messages. Victims are asked to enter credit card information in order to cover a service fee, giving attackers access to card information that can now be used. With access to a victim’s personal messages, the attackers can also get past two-factor authentication. <\/p>\n

Check Point Research said the campaign is ongoing and is being used to infect tens of thousands of devices. In addition to the Check Point report, Iranian citizens have taken to social media<\/a> to complain about the scams. Some Iranian news outlets are also covering the issue<\/a>. <\/p>\n

“The threat actors then proceed to make unauthorized money withdrawals and turn each infected device into a bot, spreading the malware to others. CPR attributes attacks to threat actors, likely in Iran, who are financially motivated,” the cybersecurity company explained. <\/p>\n

“CPR estimates tens of thousands of Android devices have fallen victim, leading to theft of billions of Iranian Rial. Threat actors are using Telegram channels to transact malicious tools involved for as low as $50. CPR’s investigation reveals that data stolen from victims’ devices has not been protected, making it freely accessible to third parties online.”<\/p>\n

Check Point’s Shmuel Cohen said in one campaign, more than 1,000 people downloaded the malicious application in less than 10 days. Even if they did not enter credit card information, their device became part of the botnet. <\/p>\n

\"s3.jpg\"<\/span>