
 Hackers Exploiting Infected Android Devices to Register Disposable Accounts.



An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation.


SMS PVA services, since gaining prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services and platforms, and help bypass SMS-based authentication and single sign-on (SSO) mechanisms put in place to verify new accounts.


"This type of service can be used by malicious actors to register disposable accounts in bulk or create phone-verified accounts for conducting fraud and other criminal activities," Trend Micro researchers said in a report published last week.


Telemetry data gathered by the company shows that most of the infections are located in Indonesia (47,357), followed by Russia (16,157), Thailand (11,196), India (8,109), France (5,548), Peru (4,915), Morocco (4,822), South Africa (4,413), Ukraine (2,920), and Malaysia (2,779).


A majority of affected devices are budget Android phones assembled by original equipment manufacturers such as Lava, ZTE, Mione, Meizu, Huawei, Oppo, and HTC.


One particular service, dubbed smspva[.]net, comprises Android phones infected with SMS-intercepting malware, which the researchers suspect could have happened in either of two ways: through malware downloaded accidentally by the user or through malicious software preloaded onto the devices during manufacturing, implying a supply-chain compromise.




The underground PVA service advertises "bulk virtual phone numbers" for use on various platforms via an API, in addition to claiming to be in possession of phone numbers spanning more than 100 countries.


The Guerrilla malware ("plug.dex"), for its part, is engineered to parse SMS messages received on the affected Android phone, check them against specific search patterns received from a remote server, and then exfiltrate the messages that match those expressions back to the server.


"The malware remains low-profile, collecting only the text messages that match the requested application so that it can covertly continue this activity for long periods," the researchers said. "If the SMS PVA service allows its customers to access all messages on the infected phones, the owners would quickly notice the problem."


With online portals often authenticating new accounts by cross-checking the location (i.e., IP address) of the users against their phone numbers during registration, SMS PVA services get around this restriction by making use of residential proxies and VPNs to connect to the desired platform.




What's more, these services only sell the one-time confirmation codes needed at the time of account registration, with the botnet operator using the army of compromised devices to receive, examine, and report the SMS verification codes without the owners' knowledge and consent.


In other words, the botnet facilitates easy access to thousands of mobile numbers in different countries, effectively enabling the actors to register new accounts en masse and use them for various scams or even participate in coordinated inauthentic user behavior.


"The presence of SMS PVA services makes another dent on the integrity of SMS verification as the primary means of account validation," the researchers said.


"The scale to which SMS PVA is able to supply mobile numbers means that the usual methods to ensure validity — such as blocklisting mobile numbers previously tied to account abuse or identifying numbers belonging to VoIP services or SMS gateways — won't be enough."
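The registration checks named above (IP-to-phone country cross-check, number blocklisting, VoIP/gateway range identification) can be sketched to show the case they miss. This is an added example, not code from the article or from Trend Micro; the blocklist, prefix range, phone numbers and the `ip_country` GeoIP stand-in are all constructed assumptions.

```python
# Added illustration: the three registration checks the article names, and
# the case they miss. All numbers, ranges and lookups below are constructed.

# Calling codes for a few of the countries in the article's telemetry list.
CALLING_CODES = {"62": "ID", "7": "RU", "66": "TH", "91": "IN", "33": "FR"}

# Hypothetical data a platform might hold (constructed for this example).
ABUSE_BLOCKLIST = {"+33700000001"}          # numbers tied to past abuse
VOIP_PREFIXES = ("+6288800",)               # ranges known to be VoIP/gateways


def phone_country(e164):
    """Map an E.164 number to a country by longest matching calling code."""
    digits = e164.lstrip("+")
    for length in (3, 2, 1):
        country = CALLING_CODES.get(digits[:length])
        if country:
            return country
    return None


def registration_flags(phone, ip_country):
    """Return the reasons a sign-up would be rejected; empty list = accepted.

    ip_country stands in for a GeoIP lookup of the client address.
    """
    flags = []
    if phone in ABUSE_BLOCKLIST:
        flags.append("blocklisted-number")
    if phone.startswith(VOIP_PREFIXES):
        flags.append("voip-or-gateway-range")
    if phone_country(phone) != ip_country:
        flags.append("ip-country-mismatch")
    return flags


# Constructed sign-up attempts: (phone, GeoIP country of the client).
ATTEMPTS = {
    "reused abusive number": ("+33700000001", "FR"),
    "gateway number": ("+628880012345", "ID"),
    "foreign IP": ("+66811111111", "RU"),
    # Real subscriber number on an infected phone, reached through a
    # residential proxy in the same country: nothing distinguishes it.
    "botnet number + local proxy": ("+6281211112222", "ID"),
}

RESULTS = {name: registration_flags(*a) for name, a in ATTEMPTS.items()}

if __name__ == "__main__":
    for name, flags in RESULTS.items():
        print(f"{name:30} -> {flags or 'accepted'}")
```

The last attempt returns no flags, which is the gap the researchers describe: a genuine subscriber number paired with an in-country residential address passes every per-number check, so SMS receipt alone cannot be the deciding signal.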



#THN


