
Fraudulent infrastructure behind 5M harvested Russian phone numbers service


While profiling a service that offers more than 5M harvested mobile phone numbers, Danchev discovered a fraudulent architecture used for illicit purposes.

Cybercrime is targeting the mobile industry more than ever: the number of attacks is on the rise, and the underground offer of tools and services for the mobile market is growing rapidly. Attackers are able to adapt their techniques to their victims' habits and the local legal framework. An interesting post by Dancho Danchev explains how cybercriminals are evolving their penetration methods for the mobile industry through the systematic release of DIY (do-it-yourself) mobile number harvesting tools, “successfully setting up the foundations for commercial managed/on demand mobile phone number harvesting services, ultimately leading to an influx of mobile malware/spam campaigns.”

The popular expert has profiled a mobile phone number harvesting service advertised in the underground, discovering that it also offers SMS spamming and phone number verification services. Recent analysis revealed that the cybercriminal ecosystem also provides Android-based botnet generating tools, allowing criminal gangs to arrange large-scale scams and malware-based campaigns.

Danchev and his team recently spotted a service offering 5M+ harvested and segmented Russian mobile phone numbers; the sellers offered millions of numbers arranged by business status, gender and driving license. The service exposes a long-running fraudulent Win32:SMSSend-serving infrastructure at SEVAHOST-AS Seva-Host Ltd (AS49313). It is interesting to note that the cybercriminals segmented the harvested mobile phone numbers of Sochi citizens and adopted a collection of malicious mobile apps to infect victims' handsets and recruit them into a mobile botnet.


The researchers discovered that the criminals used the domain hxxp://instagramm-registration.ru, associated with the IP address 91.228.155.210; the same address is also used to host other malicious services and domains, such as rogue games and fraudulent websites.

The criminals also deployed a cloned service for segmented harvested mobile phone numbers belonging to Sochi citizens on the same IP, probably to tailor the offer to specific events such as the Olympic Games and to launch social-engineering-driven SMS spam campaigns serving Android-based malware.
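Because several services share one address, a defender can hunt resolver logs for both the domain and the IP quoted above and list any other names answering with that IP. The sketch below is an added example, not part of the original article or of Danchev's research; the four-field log format, the client addresses and every hostname other than the article's domain are constructed placeholders.

```python
import re
from collections import defaultdict

# Indicators quoted in the article (the URL is defanged there as hxxp://).
IOC_URL = "hxxp://instagramm-registration.ru"
IOC_IP = "91.228.155.210"

# Constructed resolver log lines: timestamp, client, query, answer.
# Every hostname except the article's domain is a made-up placeholder.
SAMPLE_LOG = """\
2000-01-01T09:12:01Z 10.0.0.15 instagramm-registration.ru 91.228.155.210
2000-01-01T09:12:07Z 10.0.0.22 www.example.org 192.0.2.10
2000-01-01T09:13:40Z 10.0.0.15 free-games.example 91.228.155.210
2000-01-01T09:15:02Z 10.0.0.31 INSTAGRAMM-REGISTRATION.RU. 91.228.155.210
malformed line without enough fields
2000-01-01T09:16:55Z 10.0.0.40 instagramm-registration.ru.example 198.51.100.7
"""

def refang_host(indicator):
    """Turn a defanged URL or host into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^h(xx|tt)ps?://", "", s)
    return s.split("/")[0].rstrip(".")

def hunt(log_text, ioc_host, ioc_ip):
    """Return (clients per indicator type, other hostnames answering with ioc_ip)."""
    hits = defaultdict(set)
    cohosted = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, query, answer = parts
        host = query.lower().rstrip(".")
        # Exact or subdomain match only; a substring test would wrongly
        # flag the look-alike name on the last sample line.
        if host == ioc_host or host.endswith("." + ioc_host):
            hits["domain"].add(client)
        if answer == ioc_ip:
            hits["ip"].add(client)
            if host != ioc_host:
                cohosted.add(host)  # pivot: another name on the same address
    return dict(hits), cohosted

if __name__ == "__main__":
    hits, cohosted = hunt(SAMPLE_LOG, refang_host(IOC_URL), IOC_IP)
    print("clients by indicator:", hits)
    print("other names on the same IP:", sorted(cohosted))
```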


What’s next?

In the coming months the cybercrime-as-a-service sales model will be increasingly adopted by cybercriminal groups to monetize their knowledge, in response to the increased attention that international crime is paying to the mobile industry.

Pierluigi Paganini

(Security Affairs –  harvested mobile phone numbers, cybercrime)