June 16, 2024

Hackers Selling SMS Bomber Attack Tools on Underground Forums

In the current world of cybersecurity, security threats are evolving at a rapid pace, as there are always new problems to deal with.

Among the ever-evolving threats, SMS Bomber attacks are one of the modern attacks in the current threat landscape that can cause severe and adverse effects.

In SMS Bomber attacks the attacker hit the victim by flooding their phone number with numerous text messages. Since these large amounts of SMS overload the phones with unwanted triggers that flood the device with unwanted:-

  • Vibrations
  • Alert sounds
  • Notifications

Cybersecurity researchers at SOCRadar recently identified that hackers are actively selling SMS Bomber attack tools on several underground forums. While these attacks are executed for several illicit purposes, including:-

  • Trolling
  • Cyberbullying
  • Diverting the attention of the target

Distribution platforms

Moreover, besides the underground forums, for distribution and selling SMS Bomber attack tools, threat actors are also exploiting the messaging and open-source code-sharing platforms like:-

  • Telegram
  • ICQ
  • Discord
  • GitHub
  • Replit

SMS Bomber Market & Pricing

Security analysts at SOCRadar identified the following pricing chart in one of the underground forums:-

  • Flood email for 1 hour: $1.7 
  • Flood phone call for 1 hour: $8-$14 (120 – 200 calls per hour from different numbers) (US / Canada)
  • Flood sms phone for 1 hour: $18 (4-5 sms per minute) (US / Canada)
  • For 1 spam sms: $0.03 (US / Canada)
One of the SMS Bomber service lists (Source – SOCRadar)

Other posts and service posts that are discovered by the researchers in different forums and platforms:-

Underground forum post related to SMS BOMBER (Source – SOCRadar)

Moreover, through the redirected link, a membership-based panel was discovered offering various services including SMS attacks. With fees determined by attack duration like:- 

  • $7.50 for 1 hour
  • $615 for 100 hours
SMS Bomber service post (Source – SOCRadar)

While in the case of messaging platforms, Telegram stood at the top, since experts found a channel boasting 94,925 subscribers, and this channel was active since December 16, 2022.

To get all information about prices, security analysts established direct communication with the bot.

Pricing details (Source – SOCRadar)

Here below we have mentioned all the replies that are provided by the bot when asked, What can it do?:-

  • Perform SMS flooding 
  • Make flood calls
  • Send callback requests
  • Send prank calls
  • Send a recording of the call

During their investigation, researchers discovered another Telegram channel with 352 subscribers on which they found an SMS Validator app. 

SMS Validator (Source – SOCRadar)

This app is an SMS Bomber since it completely works like an SMS Bomber, and it is available at $18 for single and lifetime use.

In the case of open-source sharing platforms like GitHub and Replit, cybersecurity researchers found the following top queries with their respective code counts:-

  • SMS bomb with 1K Code
  • SMS bomber with 4.9K Code
  • SMS bombing with 341 Code

Apart from all these platforms, experts also used Google Dorks for more data that helped in mapping the web addresses, countries of affiliation, and sectoral information.

Countries of Affiliation  (Source – SOCRadar)

Here below are the sectors that are mapped:-

Industries of Affiliation  (Source – SOCRadar)

Protection Methods

Here below we have mentioned all the protection methods that are provided by the security analysts:-

  • Spam Filters
  • Number Hiding
  • Reliable Sources
  • Countermeasures to be taken by SMS Service Providers
  • API Security
  • Authentication Layers
  • Data Breach Monitoring
  • Web Security
  • Authorization
  • Access Controls

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Leave a Reply

Your email address will not be published. Required fields are marked *