Cybercrime has targeted mobile industry more than ever, the number of attacks is on the rise and the proposal in the underground of tools and services for mobile market is rapidly growing. The attackers are able to adapt their techniques based on victim’s habit and local law framework, an interesting post of Dancho Danchev explained how cybercriminals are evolving their penetration methods for mobile industry through the systematic release of DIY (do-it-yourself) mobile number harvesting tools, “successfully setting up the foundations for commercial managed/on demand mobile phone number harvesting services, ultimately leading to an influx of mobile malware/spam campaigns.”
The popular expert has profiled harvests mobile phone number service advertised in the underground, discovering that it aslo proposes SMS spamming and phone number verification services. Recent analysis revealed the cybercriminals ecosystem is also providing Android-based botnet generating tools allowing criminal gangs to arrange large scale scams and malware based campaigns.
Danchev and his team have recently spotted a service offering 5M+ harvested and segmented Russian mobile phone numbers, the sellers proposed millions of numbers arranged per business status, gender, driving license basis. The service exposes a long-run fraudulent Win32:SMSSend serving infrastructure SEVAHOST-AS Seva-Host Ltd (AS49313), it is interesting to note that the cyber criminals segmented harvested mobile phone numbers of Sochi citizens, and adopted a collection of malicious mobile apps to infect victim’s handset and recruit is in a mobile botnet.
The researchers discovered that the criminals used the following domain hxxp://instagramm-registration.ru linked having IP address 220.127.116.11, the same address is also used to host other malicious services and domains like rogue games or fraudulent websites.
The criminals also deployed a cloned service for segmented harvested mobile phone numbers belonging to Sochi citizens on the same IP, probably to segment the offer related specific events like Olympic games launching social engineering driven Android-based malware serving SMS spam campaigns.
In the next months the sales model cybercrime-as-a-service will be increasly adopted by cyber criminal groups to monetize their knowledge responding to the increase attention to mobile industry manifested by the international crime.
(Security Affairs – harvested mobile phone numbers, cybercrime)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.