Zimperium, a security expert in real-time protection for mobile devices, has discovered a new and potent threat identified as SMS Stealer. Zimperium’s zLabs team uncovered the malware during routine analysis and has now detected it in over 105,000 malware samples across more than 600 global brands.
This underlines the malware's wide reach and the considerable risk of account takeovers and identity theft.
First identified in 2022, the SMS Stealer threat uses fake ads and Telegram bots posing as legitimate services to trick victims into granting access to their SMS messages. If access is granted, the malware connects to one of its thirteen command and control (C&C) servers, confirms its status and begins transmitting stolen SMS messages, including one-time passwords (OTP).
As an additional layer of security, one-time passwords are supposed to better protect online accounts and allow companies in particular to control access to sensitive data. By stealing OTPs, SMS Stealer undermines this protection and gives malicious actors the ability to gain control of affected accounts. The malware associated with SMS Stealer remains hidden in the background to enable continuous attacks.
Effects of SMS Stealer:
- Theft of credentials: The malware can intercept and steal OTPs and credentials, leading to complete account takeovers.
- Malware infiltration: Attackers can use stolen credentials to infiltrate systems with additional malware, increasing the scope and severity of attacks.
- Ransomware attacks: The stolen access data can be used to introduce ransomware; the resulting data encryption and ransom demands entail considerable financial costs.
- Financial risks: Attackers can make unauthorized debits, create fraudulent accounts and cause significant damage through theft and fraud.
“The SMS Stealer represents a significant evolution of mobile threats and underscores the urgent need for robust security measures and effective monitoring of app permissions,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “As threat actors become more innovative, mobile security must adapt to these challenges to protect user identities and maintain the integrity of digital services.”
Further information on the “SMS Stealer” as well as images and a detailed description of how the malicious program works are available here.
(vp/Zimperium)