And it is not malware that attacks just one service, but several targets like Google, Telegram and other major services.
It is no secret that some states, especially where democracy and the rule of law are lacking, are trying to eavesdrop on their citizens but a recently discovered attempt has been beyond imagination.
Check Point Research has uncovered an attack by a group of Iranian hackers who had targeted political opponents of the regime by developing malware on Android that steals a two-factor verification codes.
Hackers use a phishing trojan to obtain credentials and then try them out with real sites. If the victim has two-factor authentication, the malware intercepts SMS messages by sending a copy to hackers.
The malware can collect contact information, text messages and even audio recordings, but are primarily built to break two-factor verification.
The existence of such malware highlights the importance of using verification systems that avoid SMS. However, SMS is better than nothing.