Thursday, 4 July 2013

Hacking tool caught harvesting industry-specific mobile phone numbers

Security researchers from Webroot have uncovered an underground black market tool that harvests specific mobile phone numbers for use in cyber scams.
Webroot's Dancho Danchev uncovered the service – which is designed to aid criminals' SMS spam tools – and warned that it is far more sophisticated than most underground tools as it allows hackers to tailor their attacks to harvest numbers from particular industries.
Search and harvesting criteria options include region, city, type of company, age, sex, interests and job title.
Danchev said the crooks behind the harvesting tool are also offering crooks several other services. "Next to the actual harvesting of mobile phone numbers on demand, the vendor is also ‘vertically integrating' within the marketplace by also offering phone number verification services as well as actual SMS spamming/SMS based TDoS (telephony denial of service attack) services," he wrote.
The discovery follows widespread warnings from the security industry that the threat facing smartphone users is increasing. Most recently, Russian security firm Kaspersky detected 23,000 new mobile threats in its Q1 2013 Threat Report.
Danchev added that Webroot expects to see more mobile harvesting tools appear. "We expect to continue observing an increase in vendors offering cybercrime-as-a-service solutions with vertical market integration in mind, in an attempt by the cyber criminals operating them to occupy an even bigger market share within the TDoS and the SMS spam market segments," he wrote.
Despite the troubling nature of the marketplace, SMS-based phishing scams are among the less sophisticated threats targeting mobile phone users, with experts recently uncovering a host of more complex attack tools. Symantec researchers found FakeDefender malware infecting Android smartphones by masquerading as a legitimate security application.

No comments:

Post a Comment