Iran’s Phishing Pandemic: 245 Fake Banking Apps Target Citizens
Cybercrime in Iran continues to escalate, posing a significant threat to the financial security of local citizens. A recent report by Zimperium has revealed the discovery of 245 counterfeit mobile applications designed to mimic popular Iranian banks. This extensive campaign aims to steal clients’ personal data and savings through phishing and malicious software.
First detected by Sophos specialists in July 2023, this malicious campaign has since expanded considerably. At the outset, the perpetrators created 40 applications mimicking 4 major Iranian banks. The campaign now involves 12 banks and 245 counterfeit applications.
Early versions of these fraudulent applications were capable of stealing bank account credentials and credit card information, intercepting SMS traffic to hijack one-time passwords used for authentication, and hiding application icons to prevent their removal.
In the latest iteration of the campaign, the attackers have added advanced features to their malware to facilitate the collection of credentials and theft of information. They have also focused their efforts on Xiaomi and Samsung devices to execute certain functions of their malicious software.
Additional data suggests that the attackers are currently developing a variant of the malware targeting iOS devices.
Beyond the malicious applications, experts have linked the same actors to phishing attacks using fake websites aimed at the same banks’ customers. Information stolen on these sites is sent directly to Telegram channels controlled by the hackers.
“The phishing campaigns used are sophisticated, trying to mimic original sites in the closest detail,” the researchers reported.
The specific threat group responsible for this campaign and the exact number of users affected remain unclear.
Last week, researchers from Microsoft discovered a similar information theft campaign targeting customers of Indian banks, utilizing mobile malware. Cybercriminals were tricking users into installing fraudulent banking applications on their devices, posing as legitimate entities such as financial institutions, government services, and utility companies.