SNS Sender: when even the mail service should not be trusted

Every SMS notification may hide an attempt to steal your data.

Cybercriminals targeted users' personal data using mass phishing SMS messages. A special script called SNS Sender, which exploits Amazon's Simple Notification Service (SNS), helps hackers achieve their malicious goals.

SMS messages sent in this way contain malicious links designed to steal victims' personal information and payment card details. Especially often, scammers disguise the messages as notifications from the US Postal Service (USPS) about undelivered parcels.

Researchers from SentinelOne link this activity to a hacker under the pseudonym "ARDUINO_DAS", and SNS Sender itself is noted as the first tool seen "in the wild" that uses Amazon's SNS infrastructure for spam mailings.

After studying the ready-made phishing kit, experts found that for SNS Sender to work correctly, it needs a list of phishing links stored in the file "links.txt" in the program's working directory, as well as a list of AWS access keys, target phone numbers, a sender ID, and the message text.

According to SentinelOne, the ARDUINO_DAS hacker is associated with more than 150 phishing kits, each of which finds its buyer on specialized sites on the darknet. Most of these kits are USPS-themed, directing users to fake parcel tracking pages where they are then asked to enter their personal data and credit card information.

Researchers also observe a tendency to abuse legitimate platforms to distribute malware. Discord, for example, has been used more and more frequently by hackers in recent years, which underlines the need for care and caution when handling suspicious messages and links.

The investigation also revealed that some phishing kits may contain hidden backdoors that send the collected data to the developers of these kits. This gives distributors of ready-made phishing kits access to an endless stream of data from their customers, as well as the ability to further monetize the collected data.

The results of the SentinelOne study confirm the continuing trend towards using cloud environments for SMS phishing campaigns, demonstrating the need for caution on the part of both users and cybersecurity professionals.

In order not to become another victim of scammers, be vigilant and do not trust questionable SMS messages, especially those containing links. Even if it seems that the messages are legitimate and they came from a service that you actually use, this is not always true.

In case of any suspicions, the best solution is to ignore the suspicious message and contact the support service directly for advice.
 