Iranian hackers create a backdoor for Android


In theory, two-step verification (two-factor authentication) is one of the stronger protections available today: an extra code delivered to the phone, by SMS, by e-mail or another channel, that validates the login after the password has been entered. But a code sent by SMS is only as safe as the device that receives it. In the current climate of espionage, counter-espionage and cyber espionage, that weakness has been exploited in the wild, at least on Android: malware running on the phone can read the incoming message and forward the code to the attacker before the victim even sees it.


Cybersecurity company Check Point Research unraveled an ongoing surveillance operation of Iranian entities that has targeted Iranian expatriates and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, “our investigation allowed us to connect the different campaigns and attribute them to the same attackers.”

Among the different attack vectors were:

– Four variants of Windows infostealers intended to steal the victim’s personal documents, along with their Telegram Desktop data and KeePass account information

– An Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s surroundings through its microphone, and more

– Telegram phishing pages, distributed through fake Telegram service accounts
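The SMS-stealing and microphone-recording capabilities described above map to a small, specific set of Android permissions (RECEIVE_SMS or READ_SMS for the codes, RECORD_AUDIO for the surroundings, plus a receiver for the SMS_RECEIVED broadcast if the code is to be grabbed as it arrives). The script below is an added triage example, not code from Check Point Research or from the page, that checks a decoded AndroidManifest.xml for that combination. The manifests it runs on are constructed for illustration; the package and component names in them are assumptions, not identifiers from the real samples.

```python
"""Permission triage for a decoded AndroidManifest.xml (added example).

Flags a manifest that requests the permission set an SMS-reading,
microphone-recording backdoor needs. Heuristic only: a legitimate SMS
or voice-recorder app can request the same permissions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Capabilities named in the article, mapped to the runtime permissions
# Android requires for each of them.
CAPABILITY_PERMISSIONS = {
    "read_sms_2fa_codes": {
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
    },
    "record_surroundings": {"android.permission.RECORD_AUDIO"},
    "survive_reboot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

# Constructed manifest resembling what such a backdoor would declare.
# Package and class names are assumptions, not real sample identifiers.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeupdater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="System Update">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed benign manifest: a notes app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {p.get(NAME_ATTR) for p in root.iter("uses-permission")}


def sms_receivers(manifest_xml: str) -> list:
    """Return names of broadcast receivers that listen for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for rcv in root.iter("receiver"):
        if any(a.get(NAME_ATTR) == SMS_RECEIVED for a in rcv.iter("action")):
            hits.append(rcv.get(NAME_ATTR))
    return hits


def triage(manifest_xml: str) -> dict:
    """Map each capability to whether the manifest enables it, and flag
    the combination that matches the backdoor described in the article."""
    perms = requested_permissions(manifest_xml)
    caps = {cap: bool(perms & needed)
            for cap, needed in CAPABILITY_PERMISSIONS.items()}
    caps["intercepts_incoming_sms"] = bool(sms_receivers(manifest_xml))
    suspicious = (caps["read_sms_2fa_codes"]
                  and caps["intercepts_incoming_sms"]
                  and caps["record_surroundings"])
    return {"capabilities": caps, "suspicious": suspicious}


if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

Run it on a manifest pulled from an APK with apktool (which decodes the binary XML into the text form parsed here); a hit is a reason to look at the receiver's code, not a verdict on its own.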

The aforementioned tools and methods appear to be used primarily against Iranian minorities, anti-regime organizations and resistance movements such as:

– Association of Families of Residents of Camp Ashraf and Liberty (AFALR)

– National Organization of Resistance of Azerbaijan

– The people of Balochistan

See Also
Iranian Hackers Allegedly Attack VPN Servers to Infiltrate Companies

