Rampant Kitten: The Iranian threat actor Rampant Kitten has developed Android malware designed to steal two-factor authentication (2FA) codes from text messages. Research from Check Point reported that the group has been active for six years and that its main activities include surveillance of Iranian minorities, anti-regime organizations, and resistance movements. The threat actor has primarily used Windows trojans, but it has been known to use Android malware as well. In this case, a backdoor hidden in an application would steal the victim’s contact list and SMS messages, silently record the victim through the microphone, and show phishing pages. The malware was specifically designed to forward to the threat actor any message that began with “G-”, which is a typical sign that the message is a 2FA code for Google accounts. Further research also showed that the threat actor was stealing codes from Telegram and other social media applications.