Attackers are impersonating the Iranian government in the latest SMS malware campaign against Iranian residents. The attackers are using socially engineered messages to compromise devices, seeking bank credentials. The campaign targets Android users by installing malware that steals banking information, exfiltrates credit card data, and siphons money from financial accounts. Check Point Research estimates that the campaign has already compromised thousands of devices, resulting in the theft of billions of Iranian rials, the equivalent of hundreds of thousands of US dollars.
Check Point Research released a report detailing the campaign on Wednesday. The campaign begins as a smishing (SMS phishing) attack, prompting the user to click on a malicious link that leads to a website hosted by the attackers. The target is then asked to enter account information while the Android malware installs a backdoor on the device. The scale of the attack is alarming, according to Check Point’s report. The company added that the campaign has compromised an unprecedented number of victims, many of whom have taken to social media to share accounts of how their finances were drained by the cybercriminals.
Read More: Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users