Hackers Exploiting Infected Android Devices to Register Disposable Accounts

An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation.

SMS PVA services, since gain prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services and platforms, and help bypass SMS-based authentication and single sign-on (SSO) mechanisms put in place to verify new accounts.

“This type of service can be used by malicious actors to register disposable accounts in bulk or create phone-verified accounts for conducting fraud and other criminal activities,” Trend Micro researchers¬†said¬†in a report published last week.

Telemetry data gathered by the company shows that most of the infections are located in Indonesia (47,357), followed by Read more: https://bit.ly/3oYfVkP

Leave a Reply

Your email address will not be published.