An unknown hacker association has already distributed over 200 malicious programs.
Cybercrime in Iran continues to grow, threatening the financial security of local citizens. According to a recent report by Zimperium, researchers found 245 fake mobile apps that mimic popular Iranian banks. This large-scale campaign is aimed at stealing customers' personal data and savings through phishing and malware.
Originally discovered by Sophos specialists in July 2023, the malware campaign has since expanded significantly. Initially, the attackers created 40 applications that mimic 4 large Iranian banks. The campaign now involves 12 banks and 245 fake apps.
Early versions of fake apps could steal bank account credentials and credit card information, intercept SMS traffic to steal one-time passwords used for authentication, and hide app icons to prevent them from being deleted.
In the new campaign, the hackers have added features to their malware that make it easier to collect credentials and steal information. The report also notes that the attackers focused on Xiaomi and Samsung devices to perform some of the malware's functions.
Other data indicates that the attackers are probably now working on a variant of the malware that targets iOS devices.
In addition to malicious apps, experts linked these attackers to phishing attacks with fake websites targeting customers of the same banks. The data stolen on these sites is sent directly to Telegram channels controlled by hackers.
"The phishing campaigns used are complex and attempt to mimic the original sites in great detail," the researchers said.
It is not yet clear which threat group is behind this campaign or exactly how many users it has affected.
Last week, Microsoft discovered a similar information theft campaign targeting customers of Indian banks using mobile malware. Cybercriminals forced users to install fraudulent banking apps on their devices, posing as legitimate organizations such as financial institutions, government services, and utilities.