Danchev profiling a service which proposes more than 5M harvested mobile phone numbers has discovered a fraudulent architecture used for illicit purposes.
Cybercrime has targeted mobile industry more than ever, the number of attacks is on the rise and the proposal in the underground of tools and services for mobile market is rapidly growing. The attackers are able to adapt their techniques based on victim’s habit and local law framework, an interesting post of Dancho Danchev explained how cybercriminals are evolving their penetration methods for mobile industry through the systematic release of DIY (do-it-yourself) mobile number harvesting tools, “successfully setting up the foundations for commercial managed/on demand mobile phone number harvesting services, ultimately leading to an influx of mobile malware/spam campaigns.”
The popular expert has profiled harvests mobile phone number service advertised in the underground, discovering that it aslo proposes SMS spamming and phone number verification services. Recent analysis revealed the cybercriminals ecosystem is also providing Android-based botnet generating tools allowing criminal gangs to arrange large scale scams and malware based campaigns.
Danchev and his team have recently spotted a service offering 5M+ harvested and segmented Russian mobile phone numbers, the sellers proposed millions of numbers arranged per business status, gender, driving license basis. The service exposes a long-run fraudulent Win32:SMSSend serving infrastructure SEVAHOST-AS Seva-Host Ltd (AS49313), it is interesting to note that the cyber criminals segmented harvested mobile phone numbers of Sochi citizens, and adopted a collection of malicious mobile apps to infect victim’s handset and recruit is in a mobile botnet.
The researchers discovered that the criminals used the following domainhxxp://instagramm-registration.ru linked having IP address 188.8.131.52, the same address is also used to host other malicious services and domains like rogue games or fraudulent websites.
The criminals also deployed a cloned service for segmented harvested mobile phone numbers belonging to Sochi citizens on the same IP, probably to segment the offerrelated specific events like Olympic games launching social engineering driven Android-based malware serving SMS spam campaigns.
In the next months the sales model cybercrime-as-a-service will be increaslyadopted by cyber criminal groups to monetize their knowledge responding to the increase attention to mobile industry manifested by the international crime.