The texts prompted victims to download malicious applications that then steal credit card information and two-factor authentication codes. (Getty)

By Maggie Miller

December 2, 2021

Financially motivated hackers likely based in Iran are successfully targeting and stealing billions in currency from Iranian civilians through a texting campaign, new research released Wednesday found.

Israeli-American cybersecurity company Check Point Research found evidence that tens of thousands of Iranians had been targeted in the scheme, which involved the hackers sending texts to Android users that impersonated branches of the Iranian government.

The texts prompted victims to download malicious applications that then steal credit card information and two-factor authentication codes, with the infected devices then used as bots by the hackers to spread the campaign further. The average victim lost between $1,000 and $2,000, and the Check Point researchers found that the stolen data was easily accessible online to third parties.

“The general population of Iran is in a growing situation where cyberattacks significantly impact day-to-day lives,” Alexandra Gofman, the threat intelligence team leader at Check Point Software, said in a quote provided to The Hill. “We believe these recent cyberattacks to be financially motivated and a form of pure cybercrime. We suspect the threat actors involved are likely from Iran itself.”

The new research was released months after Check Point Research published separate findings tying cyberattacks on Iran’s railroad system and its Ministry of Roads and Urbanization to a hacking group known as “Indra,” which Check Point concluded was likely not controlled by a nation state and was opposed to the Iranian government.

Gofman noted that while the new findings were not directly connected to the Indra hacking group, both incidents highlighted the “significant damage” cyberattacks could do to the Iranian population.

“The velocity and spread of these cyberattacks are unprecedented. It’s an example of a monetarily-successful campaign aimed at the general public,” Gofman stressed. “The campaign exploits social engineering and causes major financial loss to its victims, despite the low quality and technical simplicity of its tools.”

The report from Check Point noted that while there are steps to take that can prevent Android devices from being compromised, such as only downloading applications on official stores, it was critical to raise awareness about SMS-phishing threats among the public.

“Although these specific campaigns are widespread in Iran, they can take place in any other part of the world,” Gofman said. “I think it’s important to raise awareness of social engineering schemes that are employed by malicious actors.”

The Hill

About Track Persia

Track Persia is a Platform run by dedicated analysts who spend much of their time researching the Middle East, in due process we fall upon many indications of growing expansionary ambitions on the part of Iran in the MENA region and the wider Islamic world. These ambitions commonly increase tensions and undermine stability.