Breaking News
Zimperium Uncovers Sophisticated SMS Stealer Campaign: Android-Targeted Malware Enables Corporate Network and Application Infiltration
Zimperium, the leading global provider of mobile security solutions, announces the discovery of a new and potent threat identified as the SMS Stealer. This malicious software, uncovered by Zimperium’s zLabs team during routine malware analysis, has been identified in over 105,000 samples, across more than 600 global brands, highlighting its extensive reach and significant risks, including account takeovers and identity theft.
The SMS Stealer threat, first identified in 2022, uses fake ads and Telegram bots posing as legitimate services to trick victims into gaining access to their SMS messages. Once access is granted, the malware connects to one of its 13 Command and Control (C&C) servers, confirms its status, and begins transmitting stolen SMS messages, including one-time passwords (OTPs).
OTPs are designed to add an extra layer of security to online accounts, particularly for enterprises controlling access to sensitive data. However, the SMS Stealer’s ability to intercept OTPs undermines this security feature, giving bad actors the means to gain control of victims’ accounts. The malware associated with SMS Stealer remains hidden, allowing for continuous attacks.
The Impact of SMS Stealer:
- Credential Theft: The malware can intercept and steal OTPs and login credentials, leading to complete account takeovers.
- Malware Infiltration: Attackers may use stolen credentials to infiltrate systems with additional malware. Increasing scope and severity of attack.
- Ransomware Attacks: Stolen access can be leveraged to deploy ransomware, leading to data encryption and significant financial demands for data recovery.
- Financial Loss: Attackers can make unauthorized charges, create fraudulent accounts, and facilitate significant financial theft and fraud.
“The SMS Stealer represents a significant evolution in mobile threats, highlighting the critical need for robust security measures and vigilant monitoring of application permissions,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “As threat actors continue to innovate, the mobile security community must adapt and respond to these challenges to protect user identities and maintain the integrity of digital services.”
For more details on SMS Stealer read our technical blog here.
People In This Post
Companies In This Post
- CBI Drives Verification of Payee Compliance in Italy Read more
- Lastro Secures $15M Series A Led by Prosus Ventures to Scale its AI Agent, Empowering Over 2M Homebuyers Read more
- Evertec Announces Closing of Controlling Stake in Tecnobank, Expanding Product Offering in Brazil Read more
- EXCLUSIVE: “Scaling Safely – Without Debanking” – Imam Saygili, Flagright in ‘The Fintech Magazine’ Read more
- APIs Driving Embedded Finance Innovation Read more
Evertec Announces Closing of Controlling Stake in Tecnobank, Expanding Product Offering in Brazil
EVERTEC, Inc. (NYSE: EVTC) (“Evertec”, the “Company”, “we” or “our”) today announced that the Company has closed the previously announced transaction to acquire a controlling stake in Tecnobank Tecnologia Bancária S.A.
$1,700 Lost per Australian to Fraud in 2025 Amid AI Advances and Peak Season Risks, According to Adyen
Adyen, the global financial technology platform, revealed that fraud losses in Australia are on the rise, set to intensify as the peak shopping season approaches.
European Central Bank Concludes a Framework Agreement with Feedzai to Detect and Prevent Fraud for Forthcoming Digital Euro
The European Central Bank (ECB) has concluded a framework agreement in ranking with Feedzai, the world’s leading RiskOps platform for financial crime prevention, as the first-ranked tenderer, to provide the central fraud detection and prevention mechanism for the digital euro (link to contract award notice and announcement on ECB’s website).
Diebold Nixdorf’s Brian Gallipeau Recognized as Future of Field Service Stand Out 50 Leader for 2025
Diebold Nixdorf (NYSE: DBD), a global leader in transforming the way people bank and shop, today announced that Brian Gallipeau, senior vice president, Service Americas, has been named to the Future of Field Service Stand Out 50 Leaders list for 2025. The award recognizes leaders from around the globe who drive innovation, operational excellence and meaningful impact in field service organizations.
Public Launches Fully Customizable Direct Indexing
Public, the platform for long-term investing, announces that members can now build their own direct index from a wide range of foundational indices. Direct indexing is a strategy where, instead of investing in a derivative of the index, such as an ETF, investors own each stock in the index directly, enabling automated tax strategies and personalization of the index. Members can access over 100 different indices from Solactive and S&P® to directly own and customize their holdings to their liking, as well as optimize for tax savings through tax-loss harvesting.
Fuse Breaks Dollar Clearing Bottleneck with USD Virtual Accounts for Emerging Markets
Fuse has launched its USD virtual accounts, giving organisations fast and reliable access to emerging markets. Since launch, transaction volumes have grown by more than 100 percent month over month, already more than doubling its AED business.
Hanscom Federal Credit Union and Alkami Forge Strategic Partnership to Power a Differentiated Mobile Banking Experience
Alkami Technology, Inc. (Nasdaq: ALKT) ("Alkami"), a digital sales and service platform provider for financial institutions in the U.S., today announced a strategic partnership with Hanscom Federal Credit Union (HFCU) to support the launch of HFCU's proprietary mobile banking experience. Designed to deliver a convenient, gamified approach to banking, the mobile application (app) will empower members with personalized tools for financial wellness. As part of the collaboration, HFCU will also adopt Alkami's Online Banking Platform to help ensure a seamless and secure experience across digital channels.
CBI Drives Verification of Payee Compliance in Italy
Share this post: Share on LinkedIn Share on X (Twitter) Share on Facebook Share on […]
Lastro Secures $15M Series A Led by Prosus Ventures to Scale its AI Agent, Empowering Over 2M Homebuyers
Lastro, a Brazilian artificial intelligence proptech, announced a Series A round of $15 million led by Prosus Ventures, a global tech operator and investor and major shareholder in iFood and OLX. FJ Labs and Endeavor Scale-Up Ventures also participated in the round, along with existing investors Canary, QED and 1Sharpe Ventures.
Evertec Announces Closing of Controlling Stake in Tecnobank, Expanding Product Offering in Brazil
EVERTEC, Inc. (NYSE: EVTC) (“Evertec”, the “Company”, “we” or “our”) today announced that the Company has closed the previously announced transaction to acquire a controlling stake in Tecnobank Tecnologia Bancária S.A.
EXCLUSIVE: “Scaling Safely – Without Debanking” – Imam Saygili, Flagright in ‘The Fintech Magazine’
Share this post: Share on LinkedIn Share on X (Twitter) Share on Facebook Share on […]
APIs Driving Embedded Finance Innovation
Share this post: Share on LinkedIn Share on X (Twitter) Share on Facebook Share on […]
FinScan’s AML Software Solutions Integrate with LSEG World-Check On Demand
FinScan®, an Innovative Systems solution and leading provider of advanced anti-money laundering (AML) compliance solutions, today announced integration with and support for LSEG World-Check On Demand. FinScan is one of the first LSEG partners to announce support of the solution.
Sixfold Launches Referral Agent: Turning AI Insights Into Instant Underwriting Action
Sixfold, the underwriting AI company, today announces that it has expanded its P&C platform with Referral Agent – a major step toward AI that doesn’t just deliver insights but acts on them. Referral Agent flags cases for referral and builds a ready-to-send package in one click, setting the stage for more action-oriented capabilities across underwriting.