New SMS Stealer Malware Targets Over 600 Global Brands

Security researchers have identified a new threat known as SMS Stealer that has targeted over 600 global brands.

Discovered by Zimperium’s zLabs team, this malware has been found in over 105,000 samples.

First detected in 2022, SMS Stealer uses fake ads and Telegram bots to gain access to victims’ SMS messages. Once it has access, the malware connects to one of its 13 command-and-control (C2) servers to transmit stolen SMS messages, including one-time passwords (OTPs). 

These OTPs are crucial for securing online accounts, especially for enterprises handling sensitive data, but SMS Stealer’s ability to intercept them undermines this security feature.

“We have seen SMS redirection malware in the past,” commented Jason Soroko, senior vice president of product at Sectigo. “However, the ability of SMS Stealer to intercept OTPs, facilitate credential theft and enable further malware infiltration poses severe risks.”

At the time of writing, the malware had hijacked OTP text messages from over 600 global brands, and around 4000 of its samples carry pre-embedded phone numbers inside Android kits. Over 95% of these samples were previously unknown, indicating the sophistication of the threat.

“Text messages increasingly contain a wealth of sensitive information that can be used for secure authentication as well as extortion of a victim,” said Ken Dunham, cyber threat director at Qualys Threat Research Unit.

“SMS malware, combined with other identity access broker data, becomes a toxic cocktail for victims targeted by sophisticated adversaries.”

Additionally, over 2600 Telegram bots are linked to the SMS Stealer campaign, serving as a distribution channel. 

Attackers may use these stolen credentials to infiltrate systems with additional malware or deploy ransomware, causing significant financial losses.

“To mitigate such threats, individuals and organizations must remain vigilant and adopt robust security practices,” warned Darren Guccione, CEO and co-founder at Keeper Security.

“This includes being wary of ads and suspicious messages, regularly updating software and security systems, and considering alternative authentication methods that do not rely solely on SMS-based OTPs.”