Beware of this new SMS scam

Beware of this new SMS scam

You will also be interested


[EN VIDÉO] Kézako: how is data encrypted on the Internet?
Cryptography is the oldest form of encryption. There are traces of its use until 2,000 BC. This technique still used today, especially on the Web, reveals its mysteries on video thanks to the Kézako program from Unisciel and the University of Lille 1.

Just as there is disposable email addresses to avoid spam, disposable telephone numbers appeared a few years ago. Their objective: to enable services to be activated by SMS or authenticate your identity without giving their real phone number. Ideal to avoid then receiving fraudulent calls from false training accounts or false activations of your vital card. Ideal for preventing your mobile phone number from lying around Internetand is not shared.

Except that clever little guys have decided to create a botnet that precisely recovers these “disposable” numbers to keep them and thus access the services to which you are subscribed, but also to create accounts verified by telephone. A fraudulent way to use verification by double authentication.

More than 5,500 infections in France

According to Trend Micro, there are already tens of thousands of hacked numbers, mainly in Indonesia, Russia and Thailand, but France is the most affected country in Europe with more than 5,500 infections! Majority of affected devices are phones android entry-level models from ZTE, Meizu, Huawei, Oppo and even HTC, and the most worrying thing is that Trend does not rule out that malware were installed before purchasing the phone! Which would mean the hackers got access to the phone’s design chain…

Trend Micro has identified Guerrilla malware designed to analyze SMS messages received on the hacked Android phone. Once the virus is installed, a search function that is built-in allows hackers, remotely, to retrieve only SMS based on a keyword or phrase.

The malware remains stealthy, only collecting text messages that match theapplication requested so that he can secretly continue this activity for long periodswrite experts from Trend Micro. If the service allowed its customers to access all messages on infected phones, owners would quickly notice.. »

A scam to create thousands of fake accounts

When you register for this type of activation service by text messagethe service in question relies on our IP adress to authenticate the connection. How can hackers bypass this check? According to Trend Micro, they circumvent this restriction by using proxies premises and vpn to connect to the desired platform.

Furthermore, since these SMS activation services only sell the codes unique confirmation required when registering an account, the person in charge of the ” botnet » relies on the fleet of smartphones infected to receive, review and report SMS verification codes without the knowledge and consent of the owners.

In other words, the botnet creates access to thousands of mobile numbers in different countries, and there is a snowball effect since by recovering the activation codes, hackers can register new accounts and use for various fraudulent activities. Trend Micro cites, for example, the creation of thousands of fake accounts on social networks to, for example, circulate fake news.

Interested in what you just read?

fs1