Alien RAT with 2FA-Stealing Technique

What has happened?

• Researchers reported the Alien RAT targeting a list of at least 226 mobile applications, including banking apps such as BBVA Spain, Bank of America Mobile Banking, as well as a slew of collaboration and social networking apps such as Twitter, Snapchat, and Instagram.
• It comes equipped with an advanced ability to bypass two-factor authentication (2FA) security measures to steal the victim’s credentials. The malware also abuses the TeamViewer application to gain full remote control over the victim’s devices.
• It has been targeting multiple institutions worldwide including Australia, France, Germany, Italy, Poland, Spain, Turkey, the U.K, and the U.S.

The Cerberus link

• Alien RAT has been implemented separately from the main command handler using different command-and-control (C2) endpoints.
• Moreover, Alien’s 2FA-stealing technique is an additional feature than Cerberus’s capabilities.

More malware adding 2FA-bypass technique

• Several attackers and malware operators have upgraded their malware and attack vectors to target the 2FA-bypass technique and carry out more successful attacks.
• Recently, the Rampant Kitten group had developed a custom Android malware capable of stealing and intercepting 2FA codes sent via SMS.
• Last month, the Israel-based gym app management platform Fizikal was found vulnerable to a few exploits, which could allow attackers to carry out a 2FA-bypass attack.

The bottom line