Locks and Security News: your weekly locks and security industry newsletter
4th September 2024 Issue no. 719
Your industry news - first
Zimperium uncovers sophisticated SMS Stealer campaign
Zimperium has announced the discovery of a new and potent threat identified as the SMS Stealer. This malicious software, uncovered by Zimperium's zLabs team during routine malware analysis, has been identified in over 105,000 samples, across more than 600 global brands, highlighting its extensive reach and significant risks, including account takeovers and identity theft.
The SMS Stealer threat, first identified in 2022, uses fake ads and Telegram bots posing as legitimate services to trick victims into granting access to their SMS messages. Once access is granted, the malware connects to one of its 13 Command and Control (C&C) servers, confirms its status, and begins transmitting stolen SMS messages, including one-time passwords (OTPs).
OTPs are designed to add an extra layer of security to online accounts, particularly for enterprises controlling access to sensitive data. However, the SMS Stealer’s ability to intercept OTPs undermines this security feature, giving bad actors the means to gain control of victims’ accounts. The malware associated with SMS Stealer remains hidden, allowing for continuous attacks.
The Impact of SMS Stealer:
“The SMS Stealer represents a significant evolution in mobile threats, highlighting the critical need for robust security measures and vigilant monitoring of application permissions,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “As threat actors continue to innovate, the mobile security community must adapt and respond to these challenges to protect user identities and maintain the integrity of digital services.”
7th August 2024