UPDATED 08:00 EST / JULY 31 2024

Zimperium warns new ‘SMS Stealer’ malware is actively intercepting onetime passwords

A new report released today from mobile security platform provider Zimperium Inc. is warning of a new and potent threat that hijacks onetime password text messages, posing significant risks to account security and personal data.

Called SMS Stealer, the malicious software has been identified in over 105,000 samples across more than 600 global brands, highlighting its extensive reach and risks, including account takeovers and identity theft.

SMS Stealer uses fake ads and Telegram bots posing as legitimate services to trick victims into granting access to their SMS messages. Once access is granted, the malware connects to one of its 13 command-and-control servers, confirms its status and then begins transmitting stolen SMS messages, including OTPs.

OTPs have become a highly popular way for financial companies and others to add an additional layer of security to online accounts. Anyone with a bank account knows how it works: You get sent an SMS message with an OTP that is used to confirm a transaction. SMS Stealer’s ability to intercept those messages undermines that security feature, giving bad actors the ability to gain control over potential victims’ accounts. SMS Stealer remains hidden on infected devices, allowing for continuous attacks.

The SMS Stealer malware can intercept and steal OTPs and login credentials, leading to complete account takeovers, infiltration of systems with additional malware and deployment of ransomware, resulting in data encryption and financial demands for recovery. Additionally, attackers can make unauthorized charges, create fraudulent accounts and facilitate significant financial theft and fraud.

Stephen Kowski, field chief technology officer at email security company SlashNext Inc., told SiliconANGLE that the “malware’s ability to intercept onetime passwords and target more than 600 global brands highlights a critical vulnerability in current security frameworks and demonstrates the sophisticated nature of mobile threats today.”

Darren Guccione, co-founder and chief executive at cybersecurity company Keeper Security Inc., noted that SMS Stealer “is a stark reminder of the evolving tactics of cybercriminals to exploit unsuspecting victims.”

“The transmission of stolen SMS messages – and OTPs in particular – is highly concerning,” Guccione added. “By intercepting these messages, cybercriminals can bypass those multifactor authentication protections, gain unauthorized access to accounts and potentially cause very real harm.”
