The risks of ‘smishing’, the fraud that uses SMS to infect mobile phones

Check Point Research has warned of ‘smishing’ campaigns, a series of cyberattacks that use text messages and social engineering to mislead users, infect their devices and steal sensitive data and money.

The ‘phishing’ SMS, that is, text messages that pretend to come from a known body or brand, include a supposed notification for the user, such as a complaint, and accompany it with a link to follow it up.

On clicking the link, the user is urged to download a malicious Android application and to enter sensitive data, such as bank card details. Once installed, the ‘app’ steals all SMS from the infected device, allowing criminals to use the credit or debit card and access the SMS messages sent as part of two-factor authentication.

The malicious application periodically checks the command and control (C&C) server run by the cybercriminals for new commands to execute. In addition, to maintain persistence, after sending the card information the application can hide its icon, making it difficult to control and uninstall.

This methodology, described by the Check Point researchers, has been detected in ‘smishing’ campaigns directed against Iranian citizens that impersonate the country's Government, and has led to the theft of billions of Iranian rials from the victims, with estimated figures of between 1,000 and 2,000 dollars per user. In addition, third parties can access the stolen data ‘online’, since it has not been protected.

The company indicates in a statement that cybercriminals are taking advantage of a technique known as ‘smishing’ botnets, in which compromised devices are used as ‘bots’ to spread similar ‘phishing’ SMS to other potential victims.

Attackers use various Telegram channels to promote and sell their tools for between $50 and $150, providing a complete ‘Android campaign kit’, including the malicious app and underlying infrastructure, with a control panel that can be easily managed by anyone through a simple Telegram bot interface.

“The campaign takes advantage of social engineering and causes significant economic losses, despite the low quality and technical simplicity of its tools,” said Alexandra Gofman, head of the Threat Intelligence team at Check Point Software.

Specifically, Gofman points out that their success lies in the fact that these are official-looking government messages, but also in the ‘botnet’ nature of these attacks, in which each infected device is ordered to distribute more ‘phishing’ SMS messages, causing them to spread rapidly to a large number of potential victims.

