Thousands of phone numbers have been hacked in France

Thousands of telephone numbers have been hacked in France. According to an investigation, hackers managed to take control of many virtual numbers. With the help of malware pre-installed on some phones, they can then bypass two-factor authentication to engage in criminal practices.

According to Trend Micro computer security researchers, hackers managed to take control of some SMS activation services. These disposable numbers, or virtual numbers, allow you to register for an online service without having to provide your real phone number.

These services promise Internet users that they will avoid unwanted advertising calls, fraudulent calls or SMS scams afterwards. Each number is single-use, so it is not possible to rent a telephone number in the long term. The services offer in particular to register with Facebook, Amazon, Twitter or even AirBnB.

Malware preinstalled on some Android smartphones when they leave the factory

Hackers used a botnet, a network of bots connected to the Internet, to seize these disposable phone numbers. “This type of service can be abused by cybercriminals to register bulk disposable accounts or create phone-verified accounts for fraudulent purposes,” explains Trend Micro in its report.

With these virtual numbers in their possession, hackers can use two-factor authentication to their advantage. Two-factor authentication aims to guarantee the authenticity of a user’s identity using two different pieces of information: a password accompanied by a code sent by SMS.

To receive these authentication codes, hackers use Android smartphones that have been infected with malware. These infected telephones receive authentication codes without the knowledge of their owner. Thanks to the installed virus, hackers retrieve the necessary information remotely to log in or register for accounts.

In this case, the hackers behind the attack slipped malware called Guerilla into entry-level Android phones from several Asian brands, including Huawei, Oppo, Meizu, HTC and ZTE. After investigation, the researchers say that it is very likely that the hackers planted the malware during the production phase, before the smartphones left the factory.

This is not the first time that malware has been pre-installed on phones before their release on the market. In 2020, an investigation revealed the presence of two pieces of Android malware preinstalled on smartphones from the Chinese brand Tecno W2. The two are called Triada and xHelper and are designed to subscribe users to premium online services. A few years earlier, developers had already injected the Triada virus into the code of several devices from the LEAGOO and Nomu brands before their release.

For its part, the Guerilla virus is capable of intercepting text messages sent by specific services. The messages exchanged by the owner of the smartphone are not collected. However, Trend Micro believes that “user privacy is at risk because these services have access to private data, messages and applications”.

More than 5000 hacked phone numbers in France

According to Trend Micro researchers, tens of thousands of disposable phone numbers were hacked as part of this operation. In Europe, the most affected country is reportedly France. The researchers found up to 5,500 infections there.

Trend Micro believes, with supporting evidence, that this large-scale campaign is carried out by fraudulent SMS activation services and hackers. The researchers managed to prove that certain virtual number services are involved in these operations. Indeed, the maintenance costs of some services are higher than the revenues obtained from declared users.

Thanks to these disposable numbers and SMS-intercepting malware, hackers can easily register on online services or social networks without revealing their true identity. Anonymity is a valuable asset for a hacker.

“This means that there could be authenticated and verified but fraudulent accounts on platforms,” says Trend Micro. To circumvent the security measures put in place by the services, hackers use VPNs or proxy servers. These tools lead online services to believe that the hackers are in the same place as the phone receiving the passcode.

They can then spread fake news for political purposes, deploy online scams or link these numbers to accounts on a payment service, such as PayPal. With full access to a PayPal account, they then transact online. Thanks to their scheme, the authorities are unable to trace them.

Source: Trend Micro