- Joined
- May 15, 2016
- Messages
- 10,388
- Likes
- 2,620
- Points
- 1,730
The researchers studied the services for SMS verification of accounts and identified a large-scale platform of cybercriminals built on a botnet. The latter included thousands of infected Android mobile devices. According to experts, their find once again underlined the shortcomings of SMS account validation.
The so-called PVA (phone-verified account) services, which became widespread in 2018, give users the opportunity to use alternative phone numbers that can be used to register accounts on various sites.
The advantage of such services is that they help people bypass account verification via SMS and even account login mechanisms using short codes (also come in SMS messages).
“Cybercriminals can use such services to create verified accounts, and then use them to carry out fraudulent and other criminal activities,” Trend Micro researchers write.
The data collected by experts showed that the majority of mobile devices infected in this campaign were in Indonesia (47,357), followed by Russia (16,157), and Thailand (11,196) came in third. The top ten also includes India (8,109), France (5,548), Peru (4,915), Morocco (4,822), South Africa (4,413), Ukraine (2,920) and Malaysia (2,779).
Most of the affected devices are budget Android smartphones from manufacturers such as Lava, ZTE, Mione, Meizu, Huawei, Oppo, and HTC. Experts pointed to a specific smspva[.]net service that uses compromised Android devices. The malware could have entered these smartphones in one of two ways: through accidentally downloaded bad software or through pre-installed dubious applications.
As an example of one of these malware, the researchers cited Guerrilla (plug.dex), which is designed specifically for parsing SMS messages. This malware checks information received from text messages with templates hosted on operators' servers.
Simply put, the botnet discovered by Trend Micro provides easy access to thousands of phone numbers in different countries. How these numbers will be used depends on the attackers' imagination.
__________________
The so-called PVA (phone-verified account) services, which became widespread in 2018, give users the opportunity to use alternative phone numbers that can be used to register accounts on various sites.
The advantage of such services is that they help people bypass account verification via SMS and even account login mechanisms using short codes (also come in SMS messages).
“Cybercriminals can use such services to create verified accounts, and then use them to carry out fraudulent and other criminal activities,” Trend Micro researchers write.
The data collected by experts showed that the majority of mobile devices infected in this campaign were in Indonesia (47,357), followed by Russia (16,157), and Thailand (11,196) came in third. The top ten also includes India (8,109), France (5,548), Peru (4,915), Morocco (4,822), South Africa (4,413), Ukraine (2,920) and Malaysia (2,779).
Most of the affected devices are budget Android smartphones from manufacturers such as Lava, ZTE, Mione, Meizu, Huawei, Oppo, and HTC. Experts pointed to a specific smspva[.]net service that uses compromised Android devices. The malware could have entered these smartphones in one of two ways: through accidentally downloaded bad software or through pre-installed dubious applications.
As an example of one of these malware, the researchers cited Guerrilla (plug.dex), which is designed specifically for parsing SMS messages. This malware checks information received from text messages with templates hosted on operators' servers.
Simply put, the botnet discovered by Trend Micro provides easy access to thousands of phone numbers in different countries. How these numbers will be used depends on the attackers' imagination.
__________________