Malware Posing as Human Rights Organizations (Iran Threats: Documenting Iranian State Sponsored Hacking)
thomwithoutanh's bookmarks 2016-09-02
As recently as Sunday, August 28, this RAT was used once again to target journalists and the foreign policy establishment, when the Telegram of one prominent journalist was compromised – in this case, posing as an additional set of stickers for Telegram. In this case, the RAT appeared to provide the intruders a vector to access Telegram credentials for individuals outside of Iran, which is relevant to our description of other tactics used to breach users of the extremely popular service. The Android malware in the previous notice mirrored a sustained campaign that we had begun monitoring, including both agents impersonating TeamSpeak. Once again, in the case of the Telegram sticker incident, Android malware was sent alongside a custom Windows agent.
From feeds:Messaging Apps » thomwithoutanh's bookmarks
The Engine Room » Messaging Apps